Rewterz


Rewterz Threat Advisory – CVE-2020-3440 – Cisco Webex Meetings Desktop App for Windows Arbitrary File Overwrite Vulnerability

Severity

Medium

Analysis Summary

The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files.

Impact

Overwrite arbitrary files

Affected Vendors

Cisco

Affected Products

Cisco Webex Meetings Desktop App for Windows releases earlier than Release 40.8

Remediation

Refer to the Cisco advisory for the list of affected products and their respective patches.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-desktop-app-OVSfpVMj
