A vulnerability was found in Cisco Webex Meetings Desktop App (Unified Communication Software) (affected version unknown) and classified as problematic. This issue affects an unknown functionality of the component User Interface. The manipulation with an unknown input leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Impacted is confidentiality. The summary by CVE is:

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users.

The weakness was disclosed 08/17/2020 as cisco-sa-webex-client-g3zevBcp as confirmed advisory (Website). It is possible to read the advisory at tools.cisco.com. The identification of this vulnerability is CVE-2020-3502 since 12/12/2019. The attack may be initiated remotely. The successful exploitation needs a simple authentication. The technical details are unknown and an exploit is not publicly available.

Upgrading eliminates this vulnerability.

The entry 160006 is pretty similar.

Productinfo

Type

• Unified Communication Software

Vendor

• Cisco

Name

• Webex Meetings Desktop App

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion