CVE-2020-3131

Name of the Vulnerable Software and Affected Versions Cisco Webex Teams client for Windows version 3.0.13131

Description A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The issue is due to insufficient input validation when processing received adaptive cards. An attacker could exploit this by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows, potentially causing the targeted user's client to crash continuously.

Recommendations For Cisco Webex Teams client for Windows version 3.0.13131, consider updating to a version that fixes the issue with insufficient input validation for adaptive cards, although the specific fixed version is not provided in the available information. As a temporary workaround, restricting the receipt of adaptive cards from untrusted sources may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.