CVE-2024-20396
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
17/07/2024
Last modified:
31/07/2025
Description
A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information.<br />
<br />
This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:webex_teams:3.0.13464.0:*:*:*:*:-:*:* | ||
| cpe:2.3:a:cisco:webex_teams:3.0.13538.0:*:*:*:*:-:*:* | ||
| cpe:2.3:a:cisco:webex_teams:3.0.13588.0:*:*:*:*:-:*:* | ||
| cpe:2.3:a:cisco:webex_teams:3.0.14154.0:*:*:*:*:-:*:* | ||
| cpe:2.3:a:cisco:webex_teams:3.0.14234.0:*:*:*:*:-:*:* | ||
| cpe:2.3:a:cisco:webex_teams:3.0.14375.0:*:*:*:*:-:*:* | ||
| cpe:2.3:a:cisco:webex_teams:3.0.14741.0:*:*:*:*:-:*:* | ||
| cpe:2.3:a:cisco:webex_teams:3.0.14866.0:*:*:*:*:-:*:* | ||
| cpe:2.3:a:cisco:webex_teams:3.0.15015.0:*:*:*:*:-:*:* | ||
| cpe:2.3:a:cisco:webex_teams:3.0.15036.0:*:*:*:*:-:*:* | ||
| cpe:2.3:a:cisco:webex_teams:3.0.15092.0:*:*:*:*:-:*:* | ||
| cpe:2.3:a:cisco:webex_teams:3.0.15131.0:*:*:*:*:-:*:* | ||
| cpe:2.3:a:cisco:webex_teams:3.0.15164.0:*:*:*:*:-:*:* | ||
| cpe:2.3:a:cisco:webex_teams:3.0.15221.0:*:*:*:*:-:*:* | ||
| cpe:2.3:a:cisco:webex_teams:3.0.15333.0:*:*:*:*:-:*:* |
To consult the complete list of CPE names with products and versions, see this page