Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2024-20395

Disclosure Date: July 17, 2024 •

CVE-2024-20395

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.

This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

Cisco Webex Teams 3.0.13464.0

Cisco Webex Teams 3.0.13538.0

Cisco Webex Teams 3.0.13588.0

Cisco Webex Teams 3.0.14154.0

Cisco Webex Teams 3.0.14234.0

Cisco Webex Teams 3.0.14375.0

Cisco Webex Teams 3.0.14741.0

Cisco Webex Teams 3.0.14866.0

Cisco Webex Teams 3.0.15015.0

Cisco Webex Teams 3.0.15036.0

Cisco Webex Teams 3.0.15092.0

Cisco Webex Teams 3.0.15131.0

Cisco Webex Teams 3.0.15164.0

Cisco Webex Teams 3.0.15221.0

Cisco Webex Teams 3.0.15333.0

Cisco Webex Teams 3.0.15410.0

Cisco Webex Teams 3.0.15485.0

Cisco Webex Teams 3.0.15645.0

Cisco Webex Teams 3.0.15711.0

Cisco Webex Teams 3.0.16040.0

Cisco Webex Teams 3.0.16269.0

Cisco Webex Teams 3.0.16273.0

Cisco Webex Teams 3.0.16285.0

Cisco Webex Teams 4.0

Cisco Webex Teams 4.1

Cisco Webex Teams 4.10

Cisco Webex Teams 4.12

Cisco Webex Teams 4.13

Cisco Webex Teams 4.14

Cisco Webex Teams 4.15

Cisco Webex Teams 4.16

Cisco Webex Teams 4.17

Cisco Webex Teams 4.18

Cisco Webex Teams 4.19

Cisco Webex Teams 4.2

Cisco Webex Teams 4.20

Cisco Webex Teams 4.3

Cisco Webex Teams 4.4

Cisco Webex Teams 4.5

Cisco Webex Teams 4.6

Cisco Webex Teams 4.8

Cisco Webex Teams 4.9

Cisco Webex Teams 4.1.57

Cisco Webex Teams 4.1.92

Cisco Webex Teams 4.10.343

Cisco Webex Teams 4.11.211

Cisco Webex Teams 4.12.236

Cisco Webex Teams 4.13.200

Cisco Webex Teams 4.2.42

Cisco Webex Teams 4.2.75

Cisco Webex Teams 4.5.224

Cisco Webex Teams 4.6.197

Cisco Webex Teams 4.7.78

Cisco Webex Teams 4.8.170

Cisco Webex Teams 4.9.205

Cisco Webex Teams 4.9.252

Cisco Webex Teams 4.9.269

Cisco Webex Teams 42.1.0.169

Cisco Webex Teams 42.1.0.21190

Cisco Webex Teams 42.1.0.2219

Cisco Webex Teams 42.10

Cisco Webex Teams 42.10.0.23814

Cisco Webex Teams 42.10.0.24000

Cisco Webex Teams 42.11

Cisco Webex Teams 42.11.0.24187

Cisco Webex Teams 42.12

Cisco Webex Teams 42.12.0.24485

Cisco Webex Teams 42.2

Cisco Webex Teams 42.2.0.21338

Cisco Webex Teams 42.2.0.21486

Cisco Webex Teams 42.3

Cisco Webex Teams 42.3.0.21576

Cisco Webex Teams 42.4.1.22032

Cisco Webex Teams 42.5.0.22259

Cisco Webex Teams 42.6

Cisco Webex Teams 42.6.0.22565

Cisco Webex Teams 42.6.0.22645

Cisco Webex Teams 42.7

Cisco Webex Teams 42.7.0.22904

Cisco Webex Teams 42.7.0.23054

Cisco Webex Teams 42.8

Cisco Webex Teams 42.8.0.23214

Cisco Webex Teams 42.8.0.23281

Cisco Webex Teams 42.9

Cisco Webex Teams 42.9.0.23494

Cisco Webex Teams 43.1

Cisco Webex Teams 43.1.0.24716

Cisco Webex Teams 43.2

Cisco Webex Teams 43.2.0.25157

Cisco Webex Teams 43.2.0.25211

Cisco Webex Teams 43.3

Cisco Webex Teams 43.3.0.25468

Cisco Webex Teams 43.4

Cisco Webex Teams 43.4.0.25788

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

Cisco

Products

Cisco Webex Teams

References

Canonical

CVE-2024-20395 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20395)

Miscellaneous

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j

Rapid7

Unknown

CVE-2024-20395

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-20395

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-20395

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-20395

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification