CVE-2020-3541

Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings Client for Windows versions (affected versions not specified) Cisco Webex Meetings Desktop App for Windows versions (affected versions not specified) Cisco Webex Teams for Windows versions (affected versions not specified)

Description: The issue is related to unsafe logging of authentication requests by the affected software, which could allow an authenticated, local attacker to gain access to sensitive information. An attacker could exploit this by reading log files stored in the application directory, potentially using the gained information in further attacks.

Recommendations: For Cisco Webex Meetings Client for Windows, consider restricting access to the application directory to minimize the risk of exploitation. For Cisco Webex Meetings Desktop App for Windows, avoid storing sensitive information in the log files until a fix is available. For Cisco Webex Teams for Windows, as a temporary workaround, consider disabling the logging of authentication requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.