{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-20395","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2023-11-08T15:08:07.659Z","datePublished":"2024-07-17T16:32:07.102Z","dateUpdated":"2024-08-01T21:59:42.341Z"},"containers":{"cna":{"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2024-07-17T16:32:07.102Z"},"descriptions":[{"lang":"en","value":"A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.\r\n\r This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user."}],"affected":[{"vendor":"Cisco","product":"Cisco Webex Teams","versions":[{"version":"3.0.13464.0","status":"affected"},{"version":"3.0.13538.0","status":"affected"},{"version":"3.0.13588.0","status":"affected"},{"version":"3.0.14154.0","status":"affected"},{"version":"3.0.14234.0","status":"affected"},{"version":"3.0.14375.0","status":"affected"},{"version":"3.0.14741.0","status":"affected"},{"version":"3.0.14866.0","status":"affected"},{"version":"3.0.15015.0","status":"affected"},{"version":"3.0.15036.0","status":"affected"},{"version":"3.0.15092.0","status":"affected"},{"version":"3.0.15131.0","status":"affected"},{"version":"3.0.15164.0","status":"affected"},{"version":"3.0.15221.0","status":"affected"},{"version":"3.0.15333.0","status":"affected"},{"version":"3.0.15410.0","status":"affected"},{"version":"3.0.15485.0","status":"affected"},{"version":"3.0.15645.0","status":"affected"},{"version":"3.0.15711.0","status":"affected"},{"version":"3.0.16040.0","status":"affected"},{"version":"3.0.16269.0","status":"affected"},{"version":"3.0.16273.0","status":"affected"},{"version":"3.0.16285.0","status":"affected"},{"version":"4.0","status":"affected"},{"version":"4.1","status":"affected"},{"version":"4.10","status":"affected"},{"version":"4.12","status":"affected"},{"version":"4.13","status":"affected"},{"version":"4.14","status":"affected"},{"version":"4.15","status":"affected"},{"version":"4.16","status":"affected"},{"version":"4.17","status":"affected"},{"version":"4.18","status":"affected"},{"version":"4.19","status":"affected"},{"version":"4.2","status":"affected"},{"version":"4.20","status":"affected"},{"version":"4.3","status":"affected"},{"version":"4.4","status":"affected"},{"version":"4.5","status":"affected"},{"version":"4.6","status":"affected"},{"version":"4.8","status":"affected"},{"version":"4.9","status":"affected"},{"version":"4.1.57","status":"affected"},{"version":"4.1.92","status":"affected"},{"version":"4.10.343","status":"affected"},{"version":"4.11.211","status":"affected"},{"version":"4.12.236","status":"affected"},{"version":"4.13.200","status":"affected"},{"version":"4.2.42","status":"affected"},{"version":"4.2.75","status":"affected"},{"version":"4.5.224","status":"affected"},{"version":"4.6.197","status":"affected"},{"version":"4.7.78","status":"affected"},{"version":"4.8.170","status":"affected"},{"version":"4.9.205","status":"affected"},{"version":"4.9.252","status":"affected"},{"version":"4.9.269","status":"affected"},{"version":"42.1.0.169","status":"affected"},{"version":"42.1.0.21190","status":"affected"},{"version":"42.1.0.2219","status":"affected"},{"version":"42.10","status":"affected"},{"version":"42.10.0.23814","status":"affected"},{"version":"42.10.0.24000","status":"affected"},{"version":"42.11","status":"affected"},{"version":"42.11.0.24187","status":"affected"},{"version":"42.12","status":"affected"},{"version":"42.12.0.24485","status":"affected"},{"version":"42.2","status":"affected"},{"version":"42.2.0.21338","status":"affected"},{"version":"42.2.0.21486","status":"affected"},{"version":"42.3","status":"affected"},{"version":"42.3.0.21576","status":"affected"},{"version":"42.4.1.22032","status":"affected"},{"version":"42.5.0.22259","status":"affected"},{"version":"42.6","status":"affected"},{"version":"42.6.0.22565","status":"affected"},{"version":"42.6.0.22645","status":"affected"},{"version":"42.7","status":"affected"},{"version":"42.7.0.22904","status":"affected"},{"version":"42.7.0.23054","status":"affected"},{"version":"42.8","status":"affected"},{"version":"42.8.0.23214","status":"affected"},{"version":"42.8.0.23281","status":"affected"},{"version":"42.9","status":"affected"},{"version":"42.9.0.23494","status":"affected"},{"version":"43.1","status":"affected"},{"version":"43.1.0.24716","status":"affected"},{"version":"43.2","status":"affected"},{"version":"43.2.0.25157","status":"affected"},{"version":"43.2.0.25211","status":"affected"},{"version":"43.3","status":"affected"},{"version":"43.3.0.25468","status":"affected"},{"version":"43.4","status":"affected"},{"version":"43.4.0.25788","status":"affected"}]}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Unprotected Transport of Credentials","type":"cwe","cweId":"CWE-523"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j","name":"cisco-sa-webex-app-ZjNm8X8j"}],"metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}}],"exploits":[{"lang":"en","value":"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}],"source":{"advisory":"cisco-sa-webex-app-ZjNm8X8j","discovery":"EXTERNAL","defects":["CSCwj36941","CSCwj36943"]}},"adp":[{"affected":[{"vendor":"cisco","product":"webex_teams","cpes":["cpe:2.3:a:cisco:webex_teams:3.0.13464.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.13538.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.13588.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.14154.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.14234.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.14375.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.14741.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.14866.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.15015.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.15036.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.15092.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.15131.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.15164.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.15221.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.15333.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.15410.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.15485.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.15645.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.15711.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.16040.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.16269.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.16273.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:3.0.16285.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.0:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.1:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.10:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.12:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.13:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.14:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.15:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.16:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.17:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.18:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.19:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.2:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.20:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.3:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.4:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.5:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.6:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.8:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.9:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.1.57:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.1.92:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.10.343:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.11.211:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.12.236:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.13.200:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.2.42:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.2.75:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.5.224:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.6.197:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.7.78:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.8.170:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.9.205:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.9.252:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:4.9.269:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.1.0.169:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.1.0.21190:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.1.0.2219:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.10:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.10.0.23814:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.10.0.24000:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.11:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.11.0.24187:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.12:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.12.0.24485:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.2:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.2.0.21338:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.2.0.21486:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.3:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.3.0.21576:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.4.1.22032:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.5.0.22259:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.6:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.6.0.22565:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.6.0.22645:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.7:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.7.0.22904:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.7.0.23054:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.8:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.8.0.23214:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.8.0.23281:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.9:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:42.9.0.23494:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:43.1:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:43.1.0.24716:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:43.2:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:43.2.0.25157:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:43.2.0.25211:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:43.3:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:43.3.0.25468:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:43.4:*:*:*:*:*:*:*","cpe:2.3:a:cisco:webex_teams:43.4.0.25788:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"3.0.13464.0","status":"affected"},{"version":"3.0.13538.0","status":"affected"},{"version":"3.0.13588.0","status":"affected"},{"version":"3.0.14154.0","status":"affected"},{"version":"3.0.14234.0","status":"affected"},{"version":"3.0.14375.0","status":"affected"},{"version":"3.0.14741.0","status":"affected"},{"version":"3.0.14866.0","status":"affected"},{"version":"3.0.15015.0","status":"affected"},{"version":"3.0.15036.0","status":"affected"},{"version":"3.0.15092.0","status":"affected"},{"version":"3.0.15131.0","status":"affected"},{"version":"3.0.15164.0","status":"affected"},{"version":"3.0.15221.0","status":"affected"},{"version":"3.0.15333.0","status":"affected"},{"version":"3.0.15410.0","status":"affected"},{"version":"3.0.15485.0","status":"affected"},{"version":"3.0.15645.0","status":"affected"},{"version":"3.0.15711.0","status":"affected"},{"version":"3.0.16040.0","status":"affected"},{"version":"3.0.16269.0","status":"affected"},{"version":"3.0.16273.0","status":"affected"},{"version":"3.0.16285.0","status":"affected"},{"version":"4.0","status":"affected"},{"version":"4.1","status":"affected"},{"version":"4.10","status":"affected"},{"version":"4.12","status":"affected"},{"version":"4.13","status":"affected"},{"version":"4.14","status":"affected"},{"version":"4.15","status":"affected"},{"version":"4.16","status":"affected"},{"version":"4.17","status":"affected"},{"version":"4.18","status":"affected"},{"version":"4.19","status":"affected"},{"version":"4.2","status":"affected"},{"version":"4.20","status":"affected"},{"version":"4.3","status":"affected"},{"version":"4.4","status":"affected"},{"version":"4.5","status":"affected"},{"version":"4.6","status":"affected"},{"version":"4.8","status":"affected"},{"version":"4.9","status":"affected"},{"version":"4.1.57","status":"affected"},{"version":"4.1.92","status":"affected"},{"version":"4.10.343","status":"affected"},{"version":"4.11.211","status":"affected"},{"version":"4.12.236","status":"affected"},{"version":"4.13.200","status":"affected"},{"version":"4.2.42","status":"affected"},{"version":"4.2.75","status":"affected"},{"version":"4.5.224","status":"affected"},{"version":"4.6.197","status":"affected"},{"version":"4.7.78","status":"affected"},{"version":"4.8.170","status":"affected"},{"version":"4.9.205","status":"affected"},{"version":"4.9.252","status":"affected"},{"version":"4.9.269","status":"affected"},{"version":"42.1.0.169","status":"affected"},{"version":"42.1.0.21190","status":"affected"},{"version":"42.1.0.2219","status":"affected"},{"version":"42.10","status":"affected"},{"version":"42.10.0.23814","status":"affected"},{"version":"42.10.0.24000","status":"affected"},{"version":"42.11","status":"affected"},{"version":"42.11.0.24187","status":"affected"},{"version":"42.12","status":"affected"},{"version":"42.12.0.24485","status":"affected"},{"version":"42.2","status":"affected"},{"version":"42.2.0.21338","status":"affected"},{"version":"42.2.0.21486","status":"affected"},{"version":"42.3","status":"affected"},{"version":"42.3.0.21576","status":"affected"},{"version":"42.4.1.22032","status":"affected"},{"version":"42.5.0.22259","status":"affected"},{"version":"42.6","status":"affected"},{"version":"42.6.0.22565","status":"affected"},{"version":"42.6.0.22645","status":"affected"},{"version":"42.7","status":"affected"},{"version":"42.7.0.22904","status":"affected"},{"version":"42.7.0.23054","status":"affected"},{"version":"42.8","status":"affected"},{"version":"42.8.0.23214","status":"affected"},{"version":"42.8.0.23281","status":"affected"},{"version":"42.9","status":"affected"},{"version":"42.9.0.23494","status":"affected"},{"version":"43.1","status":"affected"},{"version":"43.1.0.24716","status":"affected"},{"version":"43.2","status":"affected"},{"version":"43.2.0.25157","status":"affected"},{"version":"43.2.0.25211","status":"affected"},{"version":"43.3","status":"affected"},{"version":"43.3.0.25468","status":"affected"},{"version":"43.4","status":"affected"},{"version":"43.4.0.25788","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-18T03:55:23.962265Z","id":"CVE-2024-20395","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-18T13:23:45.549Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:59:42.341Z"},"title":"CVE Program Container","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j","name":"cisco-sa-webex-app-ZjNm8X8j","tags":["x_transferred"]}]}]}}