PT-2020-2866 · Cisco · Cisco Webex Meetings Desktop App

Published: 2020-06-17 · Updated: 2020-06-24 · CVE-2020-3342

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Cisco Webex Meetings Desktop App for Mac (affected versions not specified)

Description
A vulnerability in the software update feature could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The issue is due to improper validation of cryptographic protections on files that the application downloads as part of a software update. An attacker could exploit this by persuading a user to visit a website that returns files similar to those returned by a valid Webex website. The client could then fail to properly validate the cryptographic protections on those files before executing them as part of an update. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

BDU:2020-03020
CVE-2020-3342

Affected Products

Cisco Webex Meetings Desktop App