Cisco Webex App protocol-handler flaw enables traffic eavesdropping
CVE-2024-20396 Published on July 17, 2024
A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests.
Vulnerability Analysis
CVE-2024-20396 is exploitable with network access and requires user interaction. This vulnerability is considered to have a high level of attack complexity. An exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity or availability.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2024-20396 has been classified as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2024-20396
Affected Versions
Cisco Webex Teams:
- Version 3.0.13464.0 is affected.
- Version 3.0.13538.0 is affected.
- Version 3.0.13588.0 is affected.
- Version 3.0.14154.0 is affected.
- Version 3.0.14234.0 is affected.
- Version 3.0.14375.0 is affected.
- Version 3.0.14741.0 is affected.
- Version 3.0.14866.0 is affected.
- Version 3.0.15015.0 is affected.
- Version 3.0.15036.0 is affected.
- Version 3.0.15092.0 is affected.
- Version 3.0.15131.0 is affected.
- Version 3.0.15164.0 is affected.
- Version 3.0.15221.0 is affected.
- Version 3.0.15333.0 is affected.
- Version 3.0.15410.0 is affected.
- Version 3.0.15485.0 is affected.
- Version 3.0.15645.0 is affected.
- Version 3.0.15711.0 is affected.
- Version 3.0.16040.0 is affected.
- Version 3.0.16269.0 is affected.
- Version 3.0.16273.0 is affected.
- Version 3.0.16285.0 is affected.
- Version 42.1.0.21190 is affected.
- Version 42.10.0.23814 is affected.
- Version 42.11.0.24187 is affected.
- Version 42.12.0.24485 is affected.
- Version 42.2.0.21338 is affected.
- Version 42.2.0.21486 is affected.
- Version 42.3.0.21576 is affected.
- Version 42.4.1.22032 is affected.
- Version 42.5.0.22259 is affected.
- Version 42.6.0.22565 is affected.
- Version 42.6.0.22645 is affected.
- Version 42.7.0.22904 is affected.
- Version 42.7.0.23054 is affected.
- Version 42.8.0.23214 is affected.
- Version 42.8.0.23281 is affected.
- Version 42.9.0.23494 is affected.
- Version 43.1.0.24716 is affected.
- Version 43.2.0.25157 is affected.
- Version 43.2.0.25211 is affected.
- Version 43.3.0.25468 is affected.
- Version 43.4.0.25788 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.