Detections
Analytics

Cisco Webex Meetings Scheduled Meeting Template Creation (cisco-sa-webex-smtcreate-YmuD5Sk)

medium Nessus Plugin ID 139600

Language:

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco Webex Meetings is affected by a vulnerability in certain web pages due to improper checks on parameter values within affected pages. An unauthenticated, remote attacker can exploit this, by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter, in order to modify a web page in the context of a browser.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in the Cisco advisory

See Also

http://www.nessus.org/u?adcf44a4

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt75607

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu00484

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu06679

Plugin Details

Severity: Medium

ID: 139600

File Name: cisco-sa-webex-html-BJ4Y9tX.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 8/14/2020

Updated: 6/29/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2020-3345

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:webex_meetings

Required KB Items: installed_sw/Cisco Webex Meetings

Exploit Ease: No known exploits are available

Patch Publication Date: 8/5/2020

Vulnerability Publication Date: 8/5/2020

Reference Information

CVE: CVE-2020-3345

CWE: 284

CISCO-SA: cisco-sa-webex-html-BJ4Y9tX

IAVA: 2020-A-0273

CISCO-BUG-ID: CSCvt75607, CSCvu00484, CSCvu06679