CVE-2020-3131 — Vulnetix

CVE-2020-3131 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously. This vulnerability was introduced in Cisco Webex Teams client for Windows Release 3.0.13131.

EPSS 0.73% · 73.1th percentile

Risk Scores

CVSS 3.0

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.73%

73.1th percentile

Affected Products

Vendor	Product	Versions
cisco	webex_teams	0
Cisco	Cisco Webex Teams	3.0.13131

Exploit Intelligence

20200122 Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability (circl)

Timeline

Jan 26, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 4, 2022 EPSS Score

References

20200122 Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2020-3131 advisory

Open in Interactive Console →