CVE-2024-20395

Severity: High
CVSS 3.1: 7.3
EPSS: 12.1%
Published: Jul 17, 2024
Last Modified: Jun 17, 2026

Description

A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.

CVSS Details

Base Score: 7.3
Exploitability: 2.1
Impact: 5.2
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Threat Intelligence

EPSS Exploit Probability: 12.1% percentile
Exploit & Patch Status: No Known Exploit, No Patch Available

Weaknesses 1

CWE-523

Affected Products 94

Vendor  Product      Version         Range
cisco   webex_teams  3.0.13464.0     any
cisco   webex_teams  3.0.13538.0     any
cisco   webex_teams  3.0.13588.0     any
cisco   webex_teams  3.0.14154.0     any
cisco   webex_teams  3.0.14234.0     any
cisco   webex_teams  3.0.14375.0     any
cisco   webex_teams  3.0.14741.0     any
cisco   webex_teams  3.0.14866.0     any
cisco   webex_teams  3.0.15015.0     any
cisco   webex_teams  3.0.15036.0     any
cisco   webex_teams  3.0.15092.0     any
cisco   webex_teams  3.0.15131.0     any
cisco   webex_teams  3.0.15164.0     any
cisco   webex_teams  3.0.15221.0     any
cisco   webex_teams  3.0.15333.0     any
cisco   webex_teams  3.0.15410.0     any
cisco   webex_teams  3.0.15485.0     any
cisco   webex_teams  3.0.15645.0     any
cisco   webex_teams  3.0.15711.0     any
cisco   webex_teams  3.0.16040.0     any
cisco   webex_teams  3.0.16269.0     any
cisco   webex_teams  3.0.16273.0     any
cisco   webex_teams  3.0.16285.0     any
cisco   webex_teams  4.0             any
cisco   webex_teams  4.1             any
cisco   webex_teams  4.1.57          any
cisco   webex_teams  4.1.92          any
cisco   webex_teams  4.2             any
cisco   webex_teams  4.2.42          any
cisco   webex_teams  4.2.75          any
cisco   webex_teams  4.3             any
cisco   webex_teams  4.4             any
cisco   webex_teams  4.5             any
cisco   webex_teams  4.5.224         any
cisco   webex_teams  4.6             any
cisco   webex_teams  4.6.197         any
cisco   webex_teams  4.7.78          any
cisco   webex_teams  4.8             any
cisco   webex_teams  4.8.170         any
cisco   webex_teams  4.9             any
cisco   webex_teams  4.9.205         any
cisco   webex_teams  4.9.252         any
cisco   webex_teams  4.9.269         any
cisco   webex_teams  4.10            any
cisco   webex_teams  4.10.343        any
cisco   webex_teams  4.11.211        any
cisco   webex_teams  4.12            any
cisco   webex_teams  4.12.236        any
cisco   webex_teams  4.13            any
cisco   webex_teams  4.13.200        any
cisco   webex_teams  4.14            any
cisco   webex_teams  4.15            any
cisco   webex_teams  4.16            any
cisco   webex_teams  4.17            any
cisco   webex_teams  4.18            any
cisco   webex_teams  4.19            any
cisco   webex_teams  4.20            any
cisco   webex_teams  42.1.0.169      any
cisco   webex_teams  42.1.0.2219     any
cisco   webex_teams  42.1.0.21190    any
cisco   webex_teams  42.2            any
cisco   webex_teams  42.2.0.21338    any
cisco   webex_teams  42.2.0.21486    any
cisco   webex_teams  42.3            any
cisco   webex_teams  42.3.0.21576    any
cisco   webex_teams  42.4.1.22032    any
cisco   webex_teams  42.5.0.22259    any
cisco   webex_teams  42.6            any
cisco   webex_teams  42.6.0.22565    any
cisco   webex_teams  42.6.0.22645    any
cisco   webex_teams  42.7            any
cisco   webex_teams  42.7.0.22904    any
cisco   webex_teams  42.7.0.23054    any
cisco   webex_teams  42.8            any
cisco   webex_teams  42.8.0.23214    any
cisco   webex_teams  42.8.0.23281    any
cisco   webex_teams  42.9            any
cisco   webex_teams  42.9.0.23494    any
cisco   webex_teams  42.10           any
cisco   webex_teams  42.10.0.23814   any
cisco   webex_teams  42.10.0.24000   any
cisco   webex_teams  42.11           any
cisco   webex_teams  42.11.0.24187   any
cisco   webex_teams  42.12           any
cisco   webex_teams  42.12.0.24485   any
cisco   webex_teams  43.1            any
cisco   webex_teams  43.1.0.24716    any
cisco   webex_teams  43.2            any
cisco   webex_teams  43.2.0.25157    any
cisco   webex_teams  43.2.0.25211    any
cisco   webex_teams  43.3            any
cisco   webex_teams  43.3.0.25468    any
cisco   webex_teams  43.4            any
cisco   webex_teams  43.4.0.25788    any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.