Rewterz Threat Advisory – CVE-2020-3345 – Cisco Webex Meetings and Cisco Webex Meetings Server HTML Injection Vulnerability

July 22, 2020

Severity

Medium

Analysis Summary

The vulnerability is due to improper checks on parameter values within affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious web sites, or the attacker could leverage this vulnerability to conduct further client-side attacks.

Impact

HTML Injection
Modification of web page

Affected Vendors

Cisco

Affected Products

Cisco Webex Meetings releases earlier than Release 40.6.0
Cisco Webex Meetings Server releases earlier than Release 4.0

Remediation

Refer to Cisco advisory for the list of affected products and their respective patches.

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SuperCard X Malware Exploiting NFC for Financial Fraud – Active IOCs

Zoom Remote Control Feature Exploited to Gain Access

Microsoft Entra Account Lockouts Triggered by Token Logging Error

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – From LokiBot to Xerxes to BlackRock banking Trojan

Rewterz Threat Alert – Fake Voicemail Phishing Campaigns

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.