This threat report is about a Cisco Webex Meetings Desktop App vulnerability referred to as CVE-2020-3263. Because of its high severity impact, CVE-2020-3263 has been given a 7.5 base CVSS Score.
The exploitation of this vulnerability could allow a remote unauthenticated attacker to execute programs on an end user's system. Cisco has released software updates to remediate this vulnerability in the affected product versions, and the link is provided at the end of this threat report.
This vulnerability is caused by improper input validation supplied to application URLs in Cisco Webex Meetings Desktop App versions 39.5.12 and prior. When software does not validate input properly, the control flow and data flow of the program can be affected.
If an attacker successfully gains initial access to a vulnerable system, they could use this weakness to manipulate the input the application receives. Improper Input Validation is a common weakness referred to as CWE-20.
An attacker could exploit CVE-2020-3263 by persuading a user to follow a malicious URL. Successful exploitation could allow the attacker to influence the application to run programs already present on the machine. If any malicious files have been planted on the host or on an accessible network file path, the attacker could execute arbitrary code on the system.
The exploitation of this vulnerability could have a critical impact on an organization since it could lead to arbitrary code execution and resource control. If a device is successfully compromised, it could lead to additional hosts being affected on the network.
Avertium highly recommends you verify all devices running Cisco Webex Meetings Desktop App have installed the latest update to remediate this vulnerability. See below for more information and the CVE-2020-3263 update link.
Cisco Security Advisory (Update information): https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-url-fcmpdfVY
IBM X-Force Exchange: https://exchange.xforce.ibmcloud.com/vulnerabilities/183595
CWE-20: (Improper Input Validation): http://cwe.mitre.org/data/definitions/20.html
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.
This informed analysis is based on the latest data available at the time of publication.
Deciding between running an in-house SOC vs. using managed security services (MSS) to add more rigor, more relevance, and more responsiveness to your cybersecurity program? Compare the two options. Download the e-book!