Lucene search

CiscoCVE-2023-20180

HistoryJul 07, 2023 - 8:15 p.m.

CVE-2023-20180

2023-07-0720:15:09

CWE-352

cisco

web.nvd.nist.gov

cve

cisco

webex

meetings

csrf

attack

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

30.9%

JSON

A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could include joining meetings and scheduling training sessions.

Affected configurations

Nvd

Node

ciscowebex_meetingsMatch39.6

ciscowebex_meetingsMatch39.7

ciscowebex_meetingsMatch39.7.4

ciscowebex_meetingsMatch39.7.7

ciscowebex_meetingsMatch39.8

ciscowebex_meetingsMatch39.8.2

ciscowebex_meetingsMatch39.8.3

ciscowebex_meetingsMatch39.8.4

ciscowebex_meetingsMatch39.9

ciscowebex_meetingsMatch39.9.1

ciscowebex_meetingsMatch39.10

ciscowebex_meetingsMatch39.11

ciscowebex_meetingsMatch40.1

ciscowebex_meetingsMatch40.2

ciscowebex_meetingsMatch40.4

ciscowebex_meetingsMatch40.4.10

ciscowebex_meetingsMatch40.6

ciscowebex_meetingsMatch40.6.2

ciscowebex_meetingsMatch42.6

ciscowebex_meetingsMatch42.7

ciscowebex_meetingsMatch42.8

ciscowebex_meetingsMatch42.9

ciscowebex_meetingsMatch42.10

ciscowebex_meetingsMatch42.11

ciscowebex_meetingsMatch42.12

ciscowebex_meetingsMatch43.1

ciscowebex_meetingsMatch43.2

ciscowebex_meetingsMatch43.3

ciscowebex_meetingsMatch43.4

ciscowebex_meetingsMatch43.4.1

ciscowebex_meetingsMatch43.4.2

ciscowebex_meetingsMatch43.5.0

VendorProductVersionCPE
ciscowebex_meetings39.6cpe:2.3:a:cisco:webex_meetings:39.6:*:*:*:*:*:*:*
ciscowebex_meetings39.7cpe:2.3:a:cisco:webex_meetings:39.7:*:*:*:*:*:*:*
ciscowebex_meetings39.7.4cpe:2.3:a:cisco:webex_meetings:39.7.4:*:*:*:*:*:*:*
ciscowebex_meetings39.7.7cpe:2.3:a:cisco:webex_meetings:39.7.7:*:*:*:*:*:*:*
ciscowebex_meetings39.8cpe:2.3:a:cisco:webex_meetings:39.8:*:*:*:*:*:*:*
ciscowebex_meetings39.8.2cpe:2.3:a:cisco:webex_meetings:39.8.2:*:*:*:*:*:*:*
ciscowebex_meetings39.8.3cpe:2.3:a:cisco:webex_meetings:39.8.3:*:*:*:*:*:*:*
ciscowebex_meetings39.8.4cpe:2.3:a:cisco:webex_meetings:39.8.4:*:*:*:*:*:*:*
ciscowebex_meetings39.9cpe:2.3:a:cisco:webex_meetings:39.9:*:*:*:*:*:*:*
ciscowebex_meetings39.9.1cpe:2.3:a:cisco:webex_meetings:39.9.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	webex_meetings	39.6	cpe:2.3:a:cisco:webex_meetings:39.6:::::::*
cisco	webex_meetings	39.7	cpe:2.3:a:cisco:webex_meetings:39.7:::::::*
cisco	webex_meetings	39.7.4	cpe:2.3:a:cisco:webex_meetings:39.7.4:::::::*
cisco	webex_meetings	39.7.7	cpe:2.3:a:cisco:webex_meetings:39.7.7:::::::*
cisco	webex_meetings	39.8	cpe:2.3:a:cisco:webex_meetings:39.8:::::::*
cisco	webex_meetings	39.8.2	cpe:2.3:a:cisco:webex_meetings:39.8.2:::::::*
cisco	webex_meetings	39.8.3	cpe:2.3:a:cisco:webex_meetings:39.8.3:::::::*
cisco	webex_meetings	39.8.4	cpe:2.3:a:cisco:webex_meetings:39.8.4:::::::*
cisco	webex_meetings	39.9	cpe:2.3:a:cisco:webex_meetings:39.9:::::::*
cisco	webex_meetings	39.9.1	cpe:2.3:a:cisco:webex_meetings:39.9.1:::::::*

Rows per page:

1-10 of 321

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Webex Meetings",
    "versions": [
      {
        "version": "39.10",
        "status": "affected"
      },
      {
        "version": "39.11",
        "status": "affected"
      },
      {
        "version": "39.6",
        "status": "affected"
      },
      {
        "version": "39.7",
        "status": "affected"
      },
      {
        "version": "39.7.4",
        "status": "affected"
      },
      {
        "version": "39.7.7",
        "status": "affected"
      },
      {
        "version": "39.8",
        "status": "affected"
      },
      {
        "version": "39.8.2",
        "status": "affected"
      },
      {
        "version": "39.8.3",
        "status": "affected"
      },
      {
        "version": "39.8.4",
        "status": "affected"
      },
      {
        "version": "39.9",
        "status": "affected"
      },
      {
        "version": "39.9.1",
        "status": "affected"
      },
      {
        "version": "40.1",
        "status": "affected"
      },
      {
        "version": "40.2",
        "status": "affected"
      },
      {
        "version": "40.4",
        "status": "affected"
      },
      {
        "version": "40.4.10",
        "status": "affected"
      },
      {
        "version": "40.6",
        "status": "affected"
      },
      {
        "version": "40.6.2",
        "status": "affected"
      },
      {
        "version": "42.10",
        "status": "affected"
      },
      {
        "version": "42.11",
        "status": "affected"
      },
      {
        "version": "42.6",
        "status": "affected"
      },
      {
        "version": "42.9",
        "status": "affected"
      },
      {
        "version": "42.12",
        "status": "affected"
      },
      {
        "version": "42.8",
        "status": "affected"
      },
      {
        "version": "42.7",
        "status": "affected"
      },
      {
        "version": "43.2",
        "status": "affected"
      },
      {
        "version": "43.1",
        "status": "affected"
      },
      {
        "version": "43.3",
        "status": "affected"
      },
      {
        "version": "43.4",
        "status": "affected"
      },
      {
        "version": "43.4.2",
        "status": "affected"
      },
      {
        "version": "43.5.0",
        "status": "affected"
      },
      {
        "version": "43.4.1",
        "status": "affected"
      }
    ]
  }
]

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sxsscsrf-2L24bBx6

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

30.9%

JSON

Related for CVE-2023-20180