CVE-2024-20396

17.07.2024, 17:15

A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information.

 This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
cisco	CNA	5.3 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 70%

Vendor	Product	Version
cisco	webex_teams	3.0.13464.0
cisco	webex_teams	3.0.13538.0
cisco	webex_teams	3.0.13588.0
cisco	webex_teams	3.0.14154.0
cisco	webex_teams	3.0.14234.0
cisco	webex_teams	3.0.14375.0
cisco	webex_teams	3.0.14741.0
cisco	webex_teams	3.0.14866.0
cisco	webex_teams	3.0.15015.0
cisco	webex_teams	3.0.15036.0
cisco	webex_teams	3.0.15092.0
cisco	webex_teams	3.0.15131.0
cisco	webex_teams	3.0.15164.0
cisco	webex_teams	3.0.15221.0
cisco	webex_teams	3.0.15333.0
cisco	webex_teams	3.0.15410.0
cisco	webex_teams	3.0.15485.0
cisco	webex_teams	3.0.15645.0
cisco	webex_teams	3.0.15711.0
cisco	webex_teams	3.0.16040.0
cisco	webex_teams	3.0.16269.0
cisco	webex_teams	3.0.16273.0
cisco	webex_teams	3.0.16285.0
cisco	webex_teams	42.1.0.21190
cisco	webex_teams	42.2.0.21338
cisco	webex_teams	42.2.0.21486
cisco	webex_teams	42.3.0.21576
cisco	webex_teams	42.4.1.22032
cisco	webex_teams	42.5.0.22259
cisco	webex_teams	42.6.0.22565
cisco	webex_teams	42.6.0.22645
cisco	webex_teams	42.7.0.22904
cisco	webex_teams	42.7.0.23054
cisco	webex_teams	42.8.0.23214
cisco	webex_teams	42.8.0.23281
cisco	webex_teams	42.9.0.23494
cisco	webex_teams	42.10.0.23814
cisco	webex_teams	42.11.0.24187
cisco	webex_teams	42.12.0.24485
cisco	webex_teams	43.1.0.24716
cisco	webex_teams	43.2.0.25157
cisco	webex_teams	43.2.0.25211
cisco	webex_teams	43.3.0.25468
cisco	webex_teams	43.4.0.25788

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j