
Rewterz Threat Advisory – Multiple Cisco Webex Meetings and Cisco Webex Meetings Server Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2020-3471

The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled.

CVE-2020-3419

This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities.

Impact

Audio Information Exposure

Affected Vendors

Cisco

Affected Products

  • WBS 39.5.25 and earlier
  • WBS 40.6.10 and earlier
  • WBS 40.9.5
  • 3.0MR Security Patch 4 and earlier
  • 4.0MR3 Security Patch 3 and earlier

Remediation

Refer to the Cisco advisories for the complete list of affected products and their respective patches.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-info-leak-PhpzB3sG

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-auth-token-3vg57A5r