CVE-2024-20396

Summary

A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Webex Teams3.0.13464.0affected
CiscoCisco Webex Teams3.0.13538.0affected
CiscoCisco Webex Teams3.0.13588.0affected
CiscoCisco Webex Teams3.0.14154.0affected
CiscoCisco Webex Teams3.0.14234.0affected
CiscoCisco Webex Teams3.0.14375.0affected
CiscoCisco Webex Teams3.0.14741.0affected
CiscoCisco Webex Teams3.0.14866.0affected
CiscoCisco Webex Teams3.0.15015.0affected
CiscoCisco Webex Teams3.0.15036.0affected
CiscoCisco Webex Teams3.0.15092.0affected
CiscoCisco Webex Teams3.0.15131.0affected
CiscoCisco Webex Teams3.0.15164.0affected
CiscoCisco Webex Teams3.0.15221.0affected
CiscoCisco Webex Teams3.0.15333.0affected
CiscoCisco Webex Teams3.0.15410.0affected
CiscoCisco Webex Teams3.0.15485.0affected
CiscoCisco Webex Teams3.0.15645.0affected
CiscoCisco Webex Teams3.0.15711.0affected
CiscoCisco Webex Teams3.0.16040.0affected
CiscoCisco Webex Teams3.0.16269.0affected
CiscoCisco Webex Teams3.0.16273.0affected
CiscoCisco Webex Teams3.0.16285.0affected
CiscoCisco Webex Teams42.1.0.21190affected
CiscoCisco Webex Teams42.10.0.23814affected
CiscoCisco Webex Teams42.11.0.24187affected
CiscoCisco Webex Teams42.12.0.24485affected
CiscoCisco Webex Teams42.2.0.21338affected
CiscoCisco Webex Teams42.2.0.21486affected
CiscoCisco Webex Teams42.3.0.21576affected
CiscoCisco Webex Teams42.4.1.22032affected
CiscoCisco Webex Teams42.5.0.22259affected
CiscoCisco Webex Teams42.6.0.22565affected
CiscoCisco Webex Teams42.6.0.22645affected
CiscoCisco Webex Teams42.7.0.22904affected
CiscoCisco Webex Teams42.7.0.23054affected
CiscoCisco Webex Teams42.8.0.23214affected
CiscoCisco Webex Teams42.8.0.23281affected
CiscoCisco Webex Teams42.9.0.23494affected
CiscoCisco Webex Teams43.1.0.24716affected
CiscoCisco Webex Teams43.2.0.25157affected
CiscoCisco Webex Teams43.2.0.25211affected
CiscoCisco Webex Teams43.3.0.25468affected
CiscoCisco Webex Teams43.4.0.25788affected

Weaknesses

  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References