5
CVSSv2

CVE-2020-3142

Published: 26/01/2020 Updated: 28/01/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow a remote malicious user to obtain sensitive information, caused by unintended meeting information exposure in a specific meeting join flow for mobile applications. By accessing a known meeting ID or meeting URL from the mobile device’s web browser, an attacker could exploit this vulnerability to join a password-protected meeting without providing the meeting password.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco webex meetings online

Vendor Advisories

[CVE-2020-3142_su] A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password The connection attempt must initiate from a Webex mobile application for either iOS or Android The vulnerability is ...

Recent Articles

Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings
Threatpost • Lindsey O'Donnell • 24 Jan 2020

UPDATE
Cisco Systems has fixed a high-severity vulnerability in its popular Webex video conferencing platform, which could let strangers barge in on password-protected meetings – no authentication necessary.
A remote attacker would not need to be authenticated to exploit the flaw, according to Cisco. All an attacker would need is the meeting ID and a Webex mobile application for either iOS or Android.
“An unauthorized attendee could exploit this vulnerability by accessing a...