Detections
Analytics
Cisco Webex Meetings Scheduled Meeting Template Creation (cisco-sa-webex-smtcreate-YmuD5Sk)
medium Nessus Plugin ID 139600
Language:
Synopsis
The remote device is missing a vendor-supplied security patchDescription
According to its self-reported version, Cisco Webex Meetings is affected by a vulnerability in certain web pages due to improper checks on parameter values within affected pages. An unauthenticated, remote attacker can exploit this, by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter, in order to modify a web page in the context of a browser.Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Solution
Upgrade to the relevant fixed version referenced in the Cisco advisorySee Also
http://www.nessus.org/u?adcf44a4
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt75607
Plugin Details
Severity: Medium
ID: 139600
File Name: cisco-sa-webex-html-BJ4Y9tX.nasl
Version: 1.5
Type: local
Agent: windows
Family: Windows
Published: 8/14/2020
Updated: 10/23/2024
Configuration: Enable thorough checks
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 1.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Score Source: CVE-2020-3345
CVSS v3
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:cisco:webex_meetings
Required KB Items: installed_sw/Cisco Webex Meetings
Exploit Ease: No known exploits are available
Patch Publication Date: 8/5/2020
Vulnerability Publication Date: 8/5/2020
Reference Information
CVE: CVE-2020-3345
CWE: 284
CISCO-SA: cisco-sa-webex-html-BJ4Y9tX
IAVA: 2020-A-0273
CISCO-BUG-ID: CSCvt75607, CSCvu00484, CSCvu06679