CVE-2020-3502

MEDIUM

Cisco Webex Meetings < 39.5.24 - Authenticated Information Disclosure via Malicious URL Path Parameters

Title source: llm

Description

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-g3zevBcp

Scores

CVSS v3 4.1

EPSS 0.0016

EPSS Percentile 37.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (4)

cisco/webex_meetings 39.7.4

cisco/webex_meetings < 39.5.24

cisco/webex_meetings_server 3.0 (4 CPE variants)

cisco/webex_meetings_server 4.0 (3 CPE variants)

Published Aug 17, 2020

Tracked Since Feb 18, 2026