Severity Rating: Medium
Software Affected
Cisco Webex Meetings Desktop App for Windows releases prior to 40.4.12 and 40.6.0.
Overview
A vulnerability have been reported in Cisco Webex Meetings Desktop App for
Windows which could allow an authenticated, local attacker to gain access
to sensitive information on an affected system.
Description
Information Disclosure Vulnerability
A Vulnerability exists in Cisco Webex Meetings Desktop App for Windows due
to unsafe usage of shared memory that is used by the affected software site
that could allow the attacker to gain access to sensitive information on an
affected system. An attacker could exploit this vulnerability by running an
application on the local system that is designed to read shared memory.
Successful exploitation of this vulnerability could allow the attacker to
retrieve sensitive information from the shared memory, including usernames,
meeting information, or authentication tokens that could aid the attacker
in future attacks.
Solution
Apply appropriate updates as mentioned in:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco- -sa-webex-client-NBmqM9vt
Vendor Information
CISCO
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco- -sa-webex-client-NBmqM9vt
Reference
CISCO
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco- -sa-webex-client-NBmqM9vt
CVE Name
(CVE-2020-3347)
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.