CVE-2020-3502

Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings Desktop App (affected versions not specified) Cisco Webex Meetings Server (affected versions not specified)

Description: The issue is related to improper input validation of parameters returned to the application from a website, which could allow an authenticated, remote attacker to obtain restricted information from other Webex users. An attacker with a valid Webex account could exploit this by persuading a user to follow a maliciously designed URL that returns malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users.

Recommendations: For Cisco Webex Meetings Desktop App, update the software to a version that includes proper input validation to prevent exploitation. For Cisco Webex Meetings Server, ensure that all input parameters are thoroughly validated to prevent unauthorized access to restricted information. As a temporary workaround, consider restricting access to sensitive information within the Webex environment until a patch is available.