Overview
- Description
- A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9167015-4F26-47E1-B49E-C6211139FB4E",
"versionEndIncluding": "39.5.25"
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C71BF8E8-527C-4475-B387-CAA1D3415648",
"versionEndIncluding": "40.4.10",
"versionStartIncluding": "40.1.0"
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings:40.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6578FEFD-CC4A-401A-B769-A3BB8998CBF1"
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DCF06551-3FF4-4BCD-9EE4-75EFCE7BBCBA",
"versionEndExcluding": "4.0"
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D6CF856-093A-4E89-A71D-50A2887C265B"
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B36A9043-0621-43CD-BFCD-66529F937859"
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8842B42E-C412-4356-9F54-DFC53B683D3E"
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D25BC647-C569-46E5-AD45-7E315EBEB784"
}
],
"operator": "OR"
}
]
}
]