ID CVE-2020-3441 Type cve Reporter cve@mitre.org Modified 2020-11-27T18:25:00
Description
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby.
{"nessus": [{"lastseen": "2020-12-08T01:31:27", "description": "According to its self-reported version, Cisco Webex Meetings is affected by a information disclosure vulnerability.\nThis vulnerability is due to insufficient protection of sensitive participant information. An unauthenticated, remote\nattacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker\nto gather information about other Webex participants, such as email address and IP address, while waiting in the lobby.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.", "edition": 3, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-12-04T00:00:00", "title": "Cisco Webex Meetings Information Disclosure (cisco-sa-webex-infodisc-4tvQzn4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-3441"], "modified": "2020-12-04T00:00:00", "cpe": ["cpe:/a:cisco:webex_meetings"], "id": "CISCO-SA-WEBEX-INFODISC-4TVQZN4.NASL", "href": "https://www.tenable.com/plugins/nessus/143475", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143475);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/07\");\n\n script_cve_id(\"CVE-2020-3441\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvu44356\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvu48356\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-webex-infodisc-4tvQzn4\");\n script_xref(name:\"IAVA\", value:\"2020-A-0550\");\n\n script_name(english:\"Cisco Webex Meetings Information Disclosure (cisco-sa-webex-infodisc-4tvQzn4)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Cisco Webex Meetings is affected by a information disclosure vulnerability.\nThis vulnerability is due to insufficient protection of sensitive participant information. An unauthenticated, remote\nattacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker\nto gather information about other Webex participants, such as email address and IP address, while waiting in the lobby.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-infodisc-4tvQzn4\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?39cd3c9b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu44356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu48356\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvu44356, CSCvu48356\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3441\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/04\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:webex_meetings\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_webex_meetings_win_installed.nbin\", \"macosx_cisco_webex_meetings_desktop_app_installed.nbin\");\n script_require_keys(\"installed_sw/Cisco Webex Meetings\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\n# Detection has no ability to detect MR3 security patches and we don't check slow channel\n# mentioned in part of the advisory.\nif (report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\napp_info = vcf::get_app_info(app:'Cisco Webex Meetings');\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n {'min_version': '0', 'max_version': '40.11.3', 'fixed_version': 'See vendor advisory'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cisco": [{"lastseen": "2020-12-24T11:40:23", "bulletinFamily": "software", "cvelist": ["CVE-2020-3441"], "description": "A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby.\n\nThis vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby.\n\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-infodisc-4tvQzn4 [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-infodisc-4tvQzn4\"]", "modified": "2020-11-23T21:59:11", "published": "2020-11-18T16:00:00", "id": "CISCO-SA-WEBEX-INFODISC-4TVQZN4", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-infodisc-4tvQzn4", "type": "cisco", "title": "Cisco Webex Meetings and Cisco Webex Meetings Server Information Disclosure Vulnerability", "cvss": {"score": 5.3, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "threatpost": [{"lastseen": "2020-11-18T23:07:19", "bulletinFamily": "info", "cvelist": ["CVE-2020-27130", "CVE-2020-3419", "CVE-2020-3441", "CVE-2020-3471"], "description": "A vulnerability in Cisco\u2019s Webex conferencing application could allow an attendee to act as a \u201cghost\u201d in the meeting \u2013 allowing them to spy in on potentially sensitive company secrets.\n\nTo [exploit the flaw](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-auth-token-3vg57A5r>) (CVE-2020-3419), attackers can be remote \u2013 however, they would need access to join the Webex meetings, including applicable meeting \u201cjoin\u201d links and passwords. For this reason, the flaw is only considered medium severity by Cisco, ranking 6.5 out of 10 on the CVSS scale. However, the practical implications are significant when considering information a \u201cghost\u201d could obtain in a meeting that assumed he or she was absent from.\n\nOnce they have meeting access, an attacker could exploit the flaw by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. The bad actor could then exploit this vulnerability to join meetings \u2013 without appearing in the participant list \u2013 giving them full access to audio, video, chat and screen sharing capabilities.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\n\u201cWith this flaw, a ghost could stay in a meeting while not being seen by others, even after being expelled by the host, which makes this practice especially problematic,\u201d said researchers with IBM [in a Wednesday analysis](<https://securityintelligence.com/posts/ibm-works-with-cisco-exorcise-ghosts-webex-meetings/>). \u201cWe identified that we could maintain the working bidirectional audio communication while a server thought the connection from an attendee dropped \u2014 meaning the attendee disappeared from the participants panel and became a ghost.\u201d\n\nThis vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. It affected all Cisco Webex Meetings sites prior to November 17, 2020; and all Cisco Webex Meetings apps releases 40.10.9 and earlier for iOS and Android.\n\nThe flaw also impacts Cisco Webex Meetings Server releases 3.0MR Security Patch 4 and earlier, and 4.0MR3 Security Patch 3 and earlier.\n\n\u201cCisco addressed this vulnerability on November 17, 2020, in Cisco Webex Meetings sites, which are cloud based,\u201d according to Cisco. \u201cNo user action is required.\u201d\n\nCisco said it\u2019s aware of public announcements of the vulnerability \u2013 but so far it has yet to spot any exploits in the wild. The flaws come as collaboration tools \u2013 [like Webex](<https://threatpost.com/beyond-zoom-safe-slack-collaboration-apps/154446/>), as well as [Zoom and Skype](<https://threatpost.com/zoom-bombers-ftc-settlement/161312/>) \u2013 face explosive utilization due to the coronavirus pandemic.\n\nTwo other flaws in Cisco Webex were also discovered by IBM researchers \u2013 including one ([CVE-2020-3441](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-infodisc-4tvQzn4>)) allowing an unauthenticated, remote attacker to view sensitive Webex information from the meeting room lobby, and another ([CVE-2020-3471](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-info-leak-PhpzB3sG>)) enabling bad actors to maintain the audio connection of a Webex session despite being expelled.\n\n## **Critical Cisco Flaws**\n\nCisco on Wednesday also plugged up three critical-severity vulnerabilities. One of these is an issue in the [API subsystem of Cisco Integrated Management Controller](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd>) (IMC) that could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges.\n\nCisco IMC is a baseboard management controller that provides embedded server management for Cisco UCS C-Series Rack Servers and Cisco UCS S-Series Storage Servers \u2013 allowing system management in the data center and across distributed branch-office locations.\n\n\u201cAn attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system,\u201d according to Cisco. \u201cWhen this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).\u201d\n\nThe [second critical flaw exists](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dna-cmd-injection-rrAYzOwc>) in the web-based management interface of Cisco DNA Spaces Connector, and could enable an unauthenticated, remote attacker to execute arbitrary commands on an affected device.\n\nCisco DNA Spaces is a location aware, task management cloud-based application. The connector helps users connect DNA Spaces in their environment.\n\n\u201cA successful exploit could allow the attacker to execute arbitrary commands on the underling operating system with privileges of the web-based management application, which is running as a restricted user,\u201d according to Cisco.\n\nFinally, Cisco [fixed a glitch](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-BCK-GHkPNZ5F>) in the REST API of Cisco IoT Field Network Director (FND) \u2013 its network management system for FAN deployment at scale \u2013 which could allow an unauthenticated, remote attacker to access the back-end database of an affected system. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information, according to Cisco.\n\nThe newest slew of patches comes after Cisco rushed out a [patch for a critical vulnerability](<https://threatpost.com/critical-cisco-flaw-sensitive-data/161305/>) in its Security Manager, after proof-of-concept (PoC) exploit code was published. And, last week, the networking giant [warned of a high-severity flaw](<https://threatpost.com/high-severity-cisco-dos-flaw-asr-routers/161115/>) in Cisco\u2019s IOS XR software that could allow unauthenticated, remote attackers to cripple Cisco Aggregation Services Routers (ASR). Cisco also recently disclosed a [zero-day vulnerability](<https://threatpost.com/cisco-zero-day-anyconnect-secure-patch/160988/>) in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client Software.\n", "modified": "2020-11-18T18:58:08", "published": "2020-11-18T18:58:08", "id": "THREATPOST:8A5B77A578DFAA9ED756B8B13294B030", "href": "https://threatpost.com/cisco-webex-flaw-snooping/161355/", "type": "threatpost", "title": "Cisco Webex 'Ghost' Flaw Opens Meetings to Snooping", "cvss": {"score": 0.0, "vector": "NONE"}}]}