CVE-2024-20396

Published: Jul 17, 2024

Modified: Aug 1, 2024

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests.

Vendor	Product	Versions
Cisco	Cisco Webex Teams	affected `3.0.13464.0` affected `3.0.13538.0` affected `3.0.13588.0` affected `3.0.14154.0` affected `3.0.14234.0` +39 more versions

Weaknesses (CWE)

CWE-200

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

cisco-sa-webex-app-ZjNm8X8j

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-20396

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References