CVE-2020-3542

Name of the Vulnerable Software and Affected Versions: Cisco Webex Training (affected versions not specified)

Description: The issue is related to improper validation of input to API requests, allowing an authenticated, remote attacker to join a password-protected meeting without providing the meeting password. This could be achieved by sending an API request that returns a URL with a prepopulated meeting join page, including the meeting username and password. A successful exploit would allow the attacker to join the meeting and be visible in the attendee list. The vulnerability is also described as being related to insufficient validation of input data, which could enable a remote attacker to gain unauthorized access to protected information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.