CVE-2024-20395

Name of the Vulnerable Software and Affected Versions: Cisco Webex App (affected versions not specified)

Description: A vulnerability in the media retrieval functionality could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This issue is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.