CVE-2020-3472 — Vulnetix

CVE-2020-3472 PUBLISHED CVSS 5 MEDIUM

A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex Meetings site. A successful exploit could allow the attacker to view the details of users on another Webex site, including user names and email addresses.

EPSS 0.12% · 31.3th percentile

Risk Scores

CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

EPSS Score

0.12%

31.3th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Webex Meetings	n/a
cisco	webex_meetings_online	0

Exploit Intelligence

20200805 Cisco Webex Meetings User Email Address Information Disclosure Vulnerability (circl)

Timeline

Aug 17, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 8, 2021 EPSS Score
Oct 11, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score

References

20200805 Cisco Webex Meetings User Email Address Information Disclosure Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2020-3472 advisory

Open in Interactive Console →