Cisco Webex App Messaging Interface interpretations of ui
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.8 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Cisco Webex App and classified as problematic. The impacted element is an unknown function of the component Messaging Interface. The manipulation leads to interpretations of ui. This vulnerability is uniquely identified as CVE-2022-20863. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.
Details
A vulnerability, which was classified as problematic, has been found in Cisco Webex App (Unified Communication Software) (the affected version unknown). This issue affects an unknown part of the component Messaging Interface. The manipulation with an unknown input leads to a interpretations of ui vulnerability. Using CWE to declare the problem leads to CWE-450. The UI has multiple interpretations of user input but does not prompt the user when it selects the less secure interpretation. Impacted is integrity, and availability. The summary by CVE is:
A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character rendering. An attacker could exploit this vulnerability by sending messages within the application interface. A successful exploit could allow the attacker to modify the display of links or other content within the interface, potentially allowing the attacker to conduct phishing or spoofing attacks.
The weakness was disclosed 09/08/2022 as cisco-sa-webex-app-qrtO6YC2. It is possible to read the advisory at tools.cisco.com. The identification of this vulnerability is CVE-2022-20863 since 11/02/2021. It demands that the victim is doing some kind of user interaction. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 09/08/2022).
Upgrading eliminates this vulnerability.
Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.9VulDB Meta Temp Score: 4.8
VulDB Base Score: 5.4
VulDB Temp Score: 5.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 4.3
CNA Vector (Cisco Systems, Inc.): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Interpretations of uiCWE: CWE-450
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
11/02/2021 🔍09/08/2022 🔍
09/08/2022 🔍
09/08/2022 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-webex-app-qrtO6YC2
Status: Confirmed
CVE: CVE-2022-20863 (🔍)
GCVE (CVE): GCVE-0-2022-20863
GCVE (VulDB): GCVE-100-208127
Entry
Created: 09/08/2022 18:04Changes: 09/08/2022 18:04 (49)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.