
CVE-2020-3347

Published: 18/06/2020 | Updated: 06/08/2021
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local malicious user to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the malicious user to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens that could aid the attacker in future attacks.

Vulnerable Product

cisco webex meetings

cisco webex meetings 40.6.0

Vendor Advisories

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerabili ...

Recent Articles

Shared memory vulnerability in IBM's Db2 database could let nefarious insiders wreak havoc – so get patching
The Register • Lindsay Clark • 21 Aug 2020

Lack of protections around trace facility gives local users read and write access

A bug-hunter has uncovered a vulnerability in IBM's popular enterprise database which, if left unpatched, could allow a local user to access data and kick off a denial-of-service attack. Security firm Trustwave said the shared memory vulnerability in Db2 - CVE-2020-4414 - was similar to the problems found with Cisco's Webex in June (CVE-2020-3347). According to Trustwave, "Only Db2 for LUW (Linux, Unix, Windows) is affected. Db2 for other platforms like IBM mainframes and z/OS are unaffected." M...

Used Cisco Webex recently? Memory vuln could have let remote attackers snoop on your meetings and files
The Register • Gareth Corfield • 18 Jun 2020

Only if they'd already pwned your box, mind. Still: get patching!

Cisco Webex suffered from a vuln that could have allowed an attacker to access any account by simply copy-pasting a unique session token into a browser string. Although the attack described by Trustwave relied on the attacker already having access to the victim's system, which reduces the likelihood that this vuln was deployed in the wild by malicious people, it is, nonetheless, not a good thing. If a user installed the Webex desktop client and set it to automatically log in, the client saved a ...