Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2020-3342
HistoryJun 18, 2020 - 3:15 a.m.

CVE-2020-3342

2020-06-1803:15:13
CWE-295
cisco
web.nvd.nist.gov
56
cisco
webex
meetings
desktop app
mac
vulnerability
software update
remote attacker
arbitrary code
cryptographic protection
nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.005

Percentile

77.3%

JSON

A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update. An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a valid Webex website. The client may fail to properly validate the cryptographic protections of the provided files before executing them as part of an update. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the user.

Affected configurations

Nvd
Node
ciscowebex_meetingsRange<39.5.11desktopmac_os
VendorProductVersionCPE
ciscowebex_meetings*cpe:2.3:a:cisco:webex_meetings:*:*:*:*:desktop:mac_os:*:*

CNA Affected

[
  {
    "product": "Cisco WebEx Meetings Server",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Related

prion 1
cisco 1
nessus 1
nvd 1
cvelist 1
threatpost 1
prion
prion
Input validation
2020-06-18 03:15:00
cisco
cisco
Cisco Webex Meetings Desktop App for Mac Update Feature Code Execution Vulnerability
2020-06-17 16:00:00
nessus
nessus
Cisco Webex Meetings Desktop App for Mac Update Feature Code Execution (cisco-sa-webex-client-mac-X7vp65BL)
2020-06-19 00:00:00
nvd
nvd
CVE-2020-3342
2020-06-18 03:15:13
cvelist
cvelist
CVE-2020-3342 Cisco Webex Meetings Desktop App for Mac Update Feature Code Execution Vulnerability
2020-06-18 02:16:35
threatpost
threatpost
Cisco Webex, Router Bugs Allow Code Execution
2020-06-18 16:18:12

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.005

Percentile

77.3%

JSON
Related for CVE-2020-3342
prion1cisco1nessus1nvd1cvelist1threatpost1