CVE-2024-20395

A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.

This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.

Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 6.4 MEDIUM | ADJACENT_NETWORK | HIGH | NONE | CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
cisco | CNA | 6.4 MEDIUM | ADJACENT_NETWORK | HIGH | NONE | CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CISA-ADP | ADP | --- | ---
CVE | ADP | --- | ---

EPSS Score percentile: 36%

Vulnerable software versions

Vendor | Product | Version
cisco | webex_teams | 3.0.13464.0
cisco | webex_teams | 3.0.13538.0
cisco | webex_teams | 3.0.13588.0
cisco | webex_teams | 3.0.14154.0
cisco | webex_teams | 3.0.14234.0
cisco | webex_teams | 3.0.14375.0
cisco | webex_teams | 3.0.14741.0
cisco | webex_teams | 3.0.14866.0
cisco | webex_teams | 3.0.15015.0
cisco | webex_teams | 3.0.15036.0
cisco | webex_teams | 3.0.15092.0
cisco | webex_teams | 3.0.15131.0
cisco | webex_teams | 3.0.15164.0
cisco | webex_teams | 3.0.15221.0
cisco | webex_teams | 3.0.15333.0
cisco | webex_teams | 3.0.15410.0
cisco | webex_teams | 3.0.15485.0
cisco | webex_teams | 3.0.15645.0
cisco | webex_teams | 3.0.15711.0
cisco | webex_teams | 3.0.16040.0
cisco | webex_teams | 3.0.16269.0
cisco | webex_teams | 3.0.16273.0
cisco | webex_teams | 3.0.16285.0
cisco | webex_teams | 4.0
cisco | webex_teams | 4.1
cisco | webex_teams | 4.1.57
cisco | webex_teams | 4.1.92
cisco | webex_teams | 4.2
cisco | webex_teams | 4.2.42
cisco | webex_teams | 4.2.75
cisco | webex_teams | 4.3
cisco | webex_teams | 4.4
cisco | webex_teams | 4.5
cisco | webex_teams | 4.5.224
cisco | webex_teams | 4.6
cisco | webex_teams | 4.6.197
cisco | webex_teams | 4.7.78
cisco | webex_teams | 4.8
cisco | webex_teams | 4.8.170
cisco | webex_teams | 4.9
cisco | webex_teams | 4.9.205
cisco | webex_teams | 4.9.252
cisco | webex_teams | 4.9.269
cisco | webex_teams | 4.10
cisco | webex_teams | 4.10.343
cisco | webex_teams | 4.11.211
cisco | webex_teams | 4.12
cisco | webex_teams | 4.12.236
cisco | webex_teams | 4.13
cisco | webex_teams | 4.13.200
cisco | webex_teams | 4.14
cisco | webex_teams | 4.15
cisco | webex_teams | 4.16
cisco | webex_teams | 4.17
cisco | webex_teams | 4.18
cisco | webex_teams | 4.19
cisco | webex_teams | 4.20
cisco | webex_teams | 42.1.0.169
cisco | webex_teams | 42.1.0.2219
cisco | webex_teams | 42.1.0.21190
cisco | webex_teams | 42.2
cisco | webex_teams | 42.2.0.21338
cisco | webex_teams | 42.2.0.21486
cisco | webex_teams | 42.3
cisco | webex_teams | 42.3.0.21576
cisco | webex_teams | 42.4.1.22032
cisco | webex_teams | 42.5.0.22259
cisco | webex_teams | 42.6
cisco | webex_teams | 42.6.0.22565
cisco | webex_teams | 42.6.0.22645
cisco | webex_teams | 42.7
cisco | webex_teams | 42.7.0.22904
cisco | webex_teams | 42.7.0.23054
cisco | webex_teams | 42.8
cisco | webex_teams | 42.8.0.23214
cisco | webex_teams | 42.8.0.23281
cisco | webex_teams | 42.9
cisco | webex_teams | 42.9.0.23494
cisco | webex_teams | 42.10
cisco | webex_teams | 42.10.0.23814
cisco | webex_teams | 42.10.0.24000
cisco | webex_teams | 42.11
cisco | webex_teams | 42.11.0.24187
cisco | webex_teams | 42.12
cisco | webex_teams | 42.12.0.24485
cisco | webex_teams | 43.1
cisco | webex_teams | 43.1.0.24716
cisco | webex_teams | 43.2
cisco | webex_teams | 43.2.0.25157
cisco | webex_teams | 43.2.0.25211
cisco | webex_teams | 43.3
cisco | webex_teams | 43.3.0.25468
cisco | webex_teams | 43.4
cisco | webex_teams | 43.4.0.25788