CVE-2020-3126

vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security warning dialog boxes when a room host views shared multimedia files. An authenticated, remote attacker could exploit this vulnerability by using the host role to share files within the Multimedia sharing feature and convincing a former room host to view that file. A warning dialog normally appears cautioning users before the file is displayed; however, the former host would not see that warning dialog, and any shared multimedia would be rendered within the user's browser. The attacker could leverage this behavior to conduct additional attacks by including malicious files within a targeted room host's browser window.

CVSS v3 3.5 LOW
CVSS v2.0 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs24436	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:webex_meetings_server:t39.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-04-13 17:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-3126

Mitre link : CVE-2020-3126

CVE.ORG link : CVE-2020-3126

JSON object : View

Products Affected

cisco

webex_meetings_server

CWE

CWE-20

Improper Input Validation

CWE-284

Improper Access Control

{"id": "CVE-2020-3126", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.1}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.0, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.3}]}, "published": "2020-04-13T17:15:11.093", "references": [{"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs24436", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security warning dialog boxes when a room host views shared multimedia files. An authenticated, remote attacker could exploit this vulnerability by using the host role to share files within the Multimedia sharing feature and convincing a former room host to view that file. A warning dialog normally appears cautioning users before the file is displayed; however, the former host would not see that warning dialog, and any shared multimedia would be rendered within the user's browser. The attacker could leverage this behavior to conduct additional attacks by including malicious files within a targeted room host's browser window."}, {"lang": "es", "value": "Una vulnerabilidad dentro de la funcionalidad Multimedia Viewer de Cisco Webex Meetings, podr\u00eda permitir a un atacante remoto autenticado omitir las protecciones de seguridad. La vulnerabilidad es debido a la falta de cuadros de di\u00e1logo de advertencia de seguridad cuando un host de sala visualiza archivos multimedia compartidos. Un atacante autenticado remoto podr\u00eda explotar esta vulnerabilidad al usar el rol de host para compartir archivos dentro de la funcionalidad Multimedia sharing y convencer a un antiguo host de la sala para que vea ese archivo. Un cuadro de di\u00e1logo de advertencia com\u00fanmente aparece advirtiendo a usuarios antes de que se muestre el archivo; sin embargo, el host anterior no ver\u00eda ese cuadro de di\u00e1logo de advertencia, y cualquier multimedia compartida se representar\u00eda dentro del navegador del usuario. El atacante podr\u00eda aprovechar este comportamiento para llevar a cabo ataques adicionales mediante la inclusi\u00f3n de archivos maliciosos dentro de la ventana del navegador de un host de sala objetivo."}], "lastModified": "2020-04-14T17:56:40.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:webex_meetings_server:t39.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBD0A7A6-9172-4090-94F9-B381C2C48DB7"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}