Cisco Webex App Media Retrieval Vulnerability Allows Session Token Theft
CVE-2024-20395 Published on July 17, 2024
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.
Vulnerability Analysis
Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
NONE
Weakness Type
Unprotected Transport of Credentials
Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.
Products Associated with CVE-2024-20395
Want to know whenever a new CVE is published for Cisco Webex Teams? stack.watch will email you.
Affected Versions
Cisco Webex Teams:- Version 3.0.13464.0 is affected.
- Version 3.0.13538.0 is affected.
- Version 3.0.13588.0 is affected.
- Version 3.0.14154.0 is affected.
- Version 3.0.14234.0 is affected.
- Version 3.0.14375.0 is affected.
- Version 3.0.14741.0 is affected.
- Version 3.0.14866.0 is affected.
- Version 3.0.15015.0 is affected.
- Version 3.0.15036.0 is affected.
- Version 3.0.15092.0 is affected.
- Version 3.0.15131.0 is affected.
- Version 3.0.15164.0 is affected.
- Version 3.0.15221.0 is affected.
- Version 3.0.15333.0 is affected.
- Version 3.0.15410.0 is affected.
- Version 3.0.15485.0 is affected.
- Version 3.0.15645.0 is affected.
- Version 3.0.15711.0 is affected.
- Version 3.0.16040.0 is affected.
- Version 3.0.16269.0 is affected.
- Version 3.0.16273.0 is affected.
- Version 3.0.16285.0 is affected.
- Version 4.0 is affected.
- Version 4.1 is affected.
- Version 4.10 is affected.
- Version 4.12 is affected.
- Version 4.13 is affected.
- Version 4.14 is affected.
- Version 4.15 is affected.
- Version 4.16 is affected.
- Version 4.17 is affected.
- Version 4.18 is affected.
- Version 4.19 is affected.
- Version 4.2 is affected.
- Version 4.20 is affected.
- Version 4.3 is affected.
- Version 4.4 is affected.
- Version 4.5 is affected.
- Version 4.6 is affected.
- Version 4.8 is affected.
- Version 4.9 is affected.
- Version 4.1.57 is affected.
- Version 4.1.92 is affected.
- Version 4.10.343 is affected.
- Version 4.11.211 is affected.
- Version 4.12.236 is affected.
- Version 4.13.200 is affected.
- Version 4.2.42 is affected.
- Version 4.2.75 is affected.
- Version 4.5.224 is affected.
- Version 4.6.197 is affected.
- Version 4.7.78 is affected.
- Version 4.8.170 is affected.
- Version 4.9.205 is affected.
- Version 4.9.252 is affected.
- Version 4.9.269 is affected.
- Version 42.1.0.169 is affected.
- Version 42.1.0.21190 is affected.
- Version 42.1.0.2219 is affected.
- Version 42.10 is affected.
- Version 42.10.0.23814 is affected.
- Version 42.10.0.24000 is affected.
- Version 42.11 is affected.
- Version 42.11.0.24187 is affected.
- Version 42.12 is affected.
- Version 42.12.0.24485 is affected.
- Version 42.2 is affected.
- Version 42.2.0.21338 is affected.
- Version 42.2.0.21486 is affected.
- Version 42.3 is affected.
- Version 42.3.0.21576 is affected.
- Version 42.4.1.22032 is affected.
- Version 42.5.0.22259 is affected.
- Version 42.6 is affected.
- Version 42.6.0.22565 is affected.
- Version 42.6.0.22645 is affected.
- Version 42.7 is affected.
- Version 42.7.0.22904 is affected.
- Version 42.7.0.23054 is affected.
- Version 42.8 is affected.
- Version 42.8.0.23214 is affected.
- Version 42.8.0.23281 is affected.
- Version 42.9 is affected.
- Version 42.9.0.23494 is affected.
- Version 43.1 is affected.
- Version 43.1.0.24716 is affected.
- Version 43.2 is affected.
- Version 43.2.0.25157 is affected.
- Version 43.2.0.25211 is affected.
- Version 43.3 is affected.
- Version 43.3.0.25468 is affected.
- Version 43.4 is affected.
- Version 43.4.0.25788 is affected.
- Version 3.0.13464.0 is affected.
- Version 3.0.13538.0 is affected.
- Version 3.0.13588.0 is affected.
- Version 3.0.14154.0 is affected.
- Version 3.0.14234.0 is affected.
- Version 3.0.14375.0 is affected.
- Version 3.0.14741.0 is affected.
- Version 3.0.14866.0 is affected.
- Version 3.0.15015.0 is affected.
- Version 3.0.15036.0 is affected.
- Version 3.0.15092.0 is affected.
- Version 3.0.15131.0 is affected.
- Version 3.0.15164.0 is affected.
- Version 3.0.15221.0 is affected.
- Version 3.0.15333.0 is affected.
- Version 3.0.15410.0 is affected.
- Version 3.0.15485.0 is affected.
- Version 3.0.15645.0 is affected.
- Version 3.0.15711.0 is affected.
- Version 3.0.16040.0 is affected.
- Version 3.0.16269.0 is affected.
- Version 3.0.16273.0 is affected.
- Version 3.0.16285.0 is affected.
- Version 4.0 is affected.
- Version 4.1 is affected.
- Version 4.10 is affected.
- Version 4.12 is affected.
- Version 4.13 is affected.
- Version 4.14 is affected.
- Version 4.15 is affected.
- Version 4.16 is affected.
- Version 4.17 is affected.
- Version 4.18 is affected.
- Version 4.19 is affected.
- Version 4.2 is affected.
- Version 4.20 is affected.
- Version 4.3 is affected.
- Version 4.4 is affected.
- Version 4.5 is affected.
- Version 4.6 is affected.
- Version 4.8 is affected.
- Version 4.9 is affected.
- Version 4.1.57 is affected.
- Version 4.1.92 is affected.
- Version 4.10.343 is affected.
- Version 4.11.211 is affected.
- Version 4.12.236 is affected.
- Version 4.13.200 is affected.
- Version 4.2.42 is affected.
- Version 4.2.75 is affected.
- Version 4.5.224 is affected.
- Version 4.6.197 is affected.
- Version 4.7.78 is affected.
- Version 4.8.170 is affected.
- Version 4.9.205 is affected.
- Version 4.9.252 is affected.
- Version 4.9.269 is affected.
- Version 42.1.0.169 is affected.
- Version 42.1.0.21190 is affected.
- Version 42.1.0.2219 is affected.
- Version 42.10 is affected.
- Version 42.10.0.23814 is affected.
- Version 42.10.0.24000 is affected.
- Version 42.11 is affected.
- Version 42.11.0.24187 is affected.
- Version 42.12 is affected.
- Version 42.12.0.24485 is affected.
- Version 42.2 is affected.
- Version 42.2.0.21338 is affected.
- Version 42.2.0.21486 is affected.
- Version 42.3 is affected.
- Version 42.3.0.21576 is affected.
- Version 42.4.1.22032 is affected.
- Version 42.5.0.22259 is affected.
- Version 42.6 is affected.
- Version 42.6.0.22565 is affected.
- Version 42.6.0.22645 is affected.
- Version 42.7 is affected.
- Version 42.7.0.22904 is affected.
- Version 42.7.0.23054 is affected.
- Version 42.8 is affected.
- Version 42.8.0.23214 is affected.
- Version 42.8.0.23281 is affected.
- Version 42.9 is affected.
- Version 42.9.0.23494 is affected.
- Version 43.1 is affected.
- Version 43.1.0.24716 is affected.
- Version 43.2 is affected.
- Version 43.2.0.25157 is affected.
- Version 43.2.0.25211 is affected.
- Version 43.3 is affected.
- Version 43.3.0.25468 is affected.
- Version 43.4 is affected.
- Version 43.4.0.25788 is affected.
Exploit Probability
EPSS
0.21%
Percentile
42.60%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.