CVE-2020-3471

Published Nov 18, 2020

Last updated a year ago

CVSS medium 6.5

Overview

Description: A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-662
ykramarz@cisco.com: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE22BE9B-374E-43DC-BA91-E3B9699A4C7C",
            "versionEndExcluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30B55A5B-8C5E-4ECB-9C85-A8A3A3030850"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14DBEC10-0641-441C-BE15-8F72C1762DCE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D6CF856-093A-4E89-A71D-50A2887C265B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B36A9043-0621-43CD-BFCD-66529F937859"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8842B42E-C412-4356-9F54-DFC53B683D3E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References