cisco-sa-webex-info-leak-PhpzB3sG

Cisco Webex Meetings and Cisco Webex Meetings Server Unauthorized Audio Information Exposure Vulnerability

cisco-sa-webex-info-leak-PhpzB3sG · Medium · Published 5 years ago · Updated 5 years ago

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-info-leak-PhpzB3sG

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEs	CVE-2020-3471
Cisco Bug IDs	CSCvu84564, CSCvu98531
CVSS Score	Base 6.5 Base 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source	Cisco WebEx Meetings Server, Cisco Webex Meetings

Related Products

Product	CVE	Evidence
Cisco Webex Meetings	CVE-2020-3471	Cisco OpenVuln
Cisco WebEx Meetings Server	CVE-2020-3471	Cisco OpenVuln

Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Webex Meetings and Cisco Webex Meetings Server Unauthorized Audio Information Exposure Vulnerability

Workarounds

Related Products