CVE-2024-20395

Summary

A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Webex Teams3.0.13464.0affected
CiscoCisco Webex Teams3.0.13538.0affected
CiscoCisco Webex Teams3.0.13588.0affected
CiscoCisco Webex Teams3.0.14154.0affected
CiscoCisco Webex Teams3.0.14234.0affected
CiscoCisco Webex Teams3.0.14375.0affected
CiscoCisco Webex Teams3.0.14741.0affected
CiscoCisco Webex Teams3.0.14866.0affected
CiscoCisco Webex Teams3.0.15015.0affected
CiscoCisco Webex Teams3.0.15036.0affected
CiscoCisco Webex Teams3.0.15092.0affected
CiscoCisco Webex Teams3.0.15131.0affected
CiscoCisco Webex Teams3.0.15164.0affected
CiscoCisco Webex Teams3.0.15221.0affected
CiscoCisco Webex Teams3.0.15333.0affected
CiscoCisco Webex Teams3.0.15410.0affected
CiscoCisco Webex Teams3.0.15485.0affected
CiscoCisco Webex Teams3.0.15645.0affected
CiscoCisco Webex Teams3.0.15711.0affected
CiscoCisco Webex Teams3.0.16040.0affected
CiscoCisco Webex Teams3.0.16269.0affected
CiscoCisco Webex Teams3.0.16273.0affected
CiscoCisco Webex Teams3.0.16285.0affected
CiscoCisco Webex Teams4.0affected
CiscoCisco Webex Teams4.1affected
CiscoCisco Webex Teams4.10affected
CiscoCisco Webex Teams4.12affected
CiscoCisco Webex Teams4.13affected
CiscoCisco Webex Teams4.14affected
CiscoCisco Webex Teams4.15affected
CiscoCisco Webex Teams4.16affected
CiscoCisco Webex Teams4.17affected
CiscoCisco Webex Teams4.18affected
CiscoCisco Webex Teams4.19affected
CiscoCisco Webex Teams4.2affected
CiscoCisco Webex Teams4.20affected
CiscoCisco Webex Teams4.3affected
CiscoCisco Webex Teams4.4affected
CiscoCisco Webex Teams4.5affected
CiscoCisco Webex Teams4.6affected
CiscoCisco Webex Teams4.8affected
CiscoCisco Webex Teams4.9affected
CiscoCisco Webex Teams4.1.57affected
CiscoCisco Webex Teams4.1.92affected
CiscoCisco Webex Teams4.10.343affected
CiscoCisco Webex Teams4.11.211affected
CiscoCisco Webex Teams4.12.236affected
CiscoCisco Webex Teams4.13.200affected
CiscoCisco Webex Teams4.2.42affected
CiscoCisco Webex Teams4.2.75affected
CiscoCisco Webex Teams4.5.224affected
CiscoCisco Webex Teams4.6.197affected
CiscoCisco Webex Teams4.7.78affected
CiscoCisco Webex Teams4.8.170affected
CiscoCisco Webex Teams4.9.205affected
CiscoCisco Webex Teams4.9.252affected
CiscoCisco Webex Teams4.9.269affected
CiscoCisco Webex Teams42.1.0.169affected
CiscoCisco Webex Teams42.1.0.21190affected
CiscoCisco Webex Teams42.1.0.2219affected
CiscoCisco Webex Teams42.10affected
CiscoCisco Webex Teams42.10.0.23814affected
CiscoCisco Webex Teams42.10.0.24000affected
CiscoCisco Webex Teams42.11affected
CiscoCisco Webex Teams42.11.0.24187affected
CiscoCisco Webex Teams42.12affected
CiscoCisco Webex Teams42.12.0.24485affected
CiscoCisco Webex Teams42.2affected
CiscoCisco Webex Teams42.2.0.21338affected
CiscoCisco Webex Teams42.2.0.21486affected
CiscoCisco Webex Teams42.3affected
CiscoCisco Webex Teams42.3.0.21576affected
CiscoCisco Webex Teams42.4.1.22032affected
CiscoCisco Webex Teams42.5.0.22259affected
CiscoCisco Webex Teams42.6affected
CiscoCisco Webex Teams42.6.0.22565affected
CiscoCisco Webex Teams42.6.0.22645affected
CiscoCisco Webex Teams42.7affected
CiscoCisco Webex Teams42.7.0.22904affected
CiscoCisco Webex Teams42.7.0.23054affected
CiscoCisco Webex Teams42.8affected
CiscoCisco Webex Teams42.8.0.23214affected
CiscoCisco Webex Teams42.8.0.23281affected
CiscoCisco Webex Teams42.9affected
CiscoCisco Webex Teams42.9.0.23494affected
CiscoCisco Webex Teams43.1affected
CiscoCisco Webex Teams43.1.0.24716affected
CiscoCisco Webex Teams43.2affected
CiscoCisco Webex Teams43.2.0.25157affected
CiscoCisco Webex Teams43.2.0.25211affected
CiscoCisco Webex Teams43.3affected
CiscoCisco Webex Teams43.3.0.25468affected
CiscoCisco Webex Teams43.4affected
CiscoCisco Webex Teams43.4.0.25788affected

Weaknesses

  • CWE-523: Unprotected Transport of Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References