CVE-2024-20396

MEDIUM EPSS 33.5%
Published Jul 17, 20241y ago · Modified Jun 17, 20262w ago
6.5 CVSS 3.1
Medium
Find Similar
Published Jul 17, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests.

CVSS Details

Base Score
6.5
Exploitability
2.8
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
33.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 44

VendorProductVersionRange
ciscowebex_teams3.0.13464.0any
ciscowebex_teams3.0.13538.0any
ciscowebex_teams3.0.13588.0any
ciscowebex_teams3.0.14154.0any
ciscowebex_teams3.0.14234.0any
ciscowebex_teams3.0.14375.0any
ciscowebex_teams3.0.14741.0any
ciscowebex_teams3.0.14866.0any
ciscowebex_teams3.0.15015.0any
ciscowebex_teams3.0.15036.0any
ciscowebex_teams3.0.15092.0any
ciscowebex_teams3.0.15131.0any
ciscowebex_teams3.0.15164.0any
ciscowebex_teams3.0.15221.0any
ciscowebex_teams3.0.15333.0any
ciscowebex_teams3.0.15410.0any
ciscowebex_teams3.0.15485.0any
ciscowebex_teams3.0.15645.0any
ciscowebex_teams3.0.15711.0any
ciscowebex_teams3.0.16040.0any
ciscowebex_teams3.0.16269.0any
ciscowebex_teams3.0.16273.0any
ciscowebex_teams3.0.16285.0any
ciscowebex_teams42.1.0.21190any
ciscowebex_teams42.2.0.21338any
ciscowebex_teams42.2.0.21486any
ciscowebex_teams42.3.0.21576any
ciscowebex_teams42.4.1.22032any
ciscowebex_teams42.5.0.22259any
ciscowebex_teams42.6.0.22565any
ciscowebex_teams42.6.0.22645any
ciscowebex_teams42.7.0.22904any
ciscowebex_teams42.7.0.23054any
ciscowebex_teams42.8.0.23214any
ciscowebex_teams42.8.0.23281any
ciscowebex_teams42.9.0.23494any
ciscowebex_teams42.10.0.23814any
ciscowebex_teams42.11.0.24187any
ciscowebex_teams42.12.0.24485any
ciscowebex_teams43.1.0.24716any
ciscowebex_teams43.2.0.25157any
ciscowebex_teams43.2.0.25211any
ciscowebex_teams43.3.0.25468any
ciscowebex_teams43.4.0.25788any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.