CVE-2020-3197— Cisco Meetings App 授权问题漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2020-3197の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Cisco Meetings App Missing TURN Server Credentials Expiration Vulnerability
ソース: NVD (National Vulnerability Database)
脆弱性説明
A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are configured in an affected system. The vulnerability is due to insufficient protection mechanisms for the TURN server credentials. An attacker could exploit this vulnerability by intercepting the legitimate traffic that is generated by an affected system. An exploit could allow the attacker to obtain the TURN server credentials, which the attacker could use to place audio/video calls and forward packets through the configured TURN server. The attacker would not be able to take control of the TURN server unless the same credentials were used in multiple systems.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
认证机制不恰当
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Cisco Meetings App 授权问题漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Cisco Meetings App是美国思科(Cisco)公司的一款视频会议应用程序。 Cisco Meetings App中的API subsystem存在授权问题漏洞,该漏洞源于TURN服务器凭据的保护机制存在缺陷。远程攻击者可通过拦截合法流量利用该漏洞获取并重新使用Traversal Using Relay NAT (TURN)服务器凭证。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Cisco | Cisco Meeting App | n/a | - |
II. CVE-2020-3197の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2020-3197のインテリジェンス情報
请登录查看更多情报信息。
- Cisco Meetings App Missing TURN Server Credentials Expiration Vulnerabilityvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2020-3197
Same Patch Batch · Cisco · 2020-07-16 · 33 CVEs total
| CVE-2020-3357 | 9.8 CRITICAL | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Remote Code Execut |
| CVE-2020-3358 | 8.6 HIGH | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Denial of Service |
| CVE-2020-3372 | 6.5 MEDIUM | Cisco SD-WAN vManage Software Denial of Service Vulnerability |
| CVE-2020-3450 | 4.9 MEDIUM | Cisco Vision Dynamic Signage Director SQL Injection Vulnerability |
| CVE-2020-3146 | Cisco RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execut | |
| CVE-2020-3150 | Cisco Small Business RV110W and RV215W Series Routers Information Disclosure Vulnerability | |
| CVE-2020-3180 | Cisco SD-WAN Solution Software Static Credentials Vulnerability | |
| CVE-2020-3323 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote | |
| CVE-2020-3330 | Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerabilit | |
| CVE-2020-3331 | Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability | |
| CVE-2020-3332 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Inject | |
| CVE-2020-3345 | Cisco Webex Meetings and Cisco Webex Meetings Server HTML Injection Vulnerability | |
| CVE-2020-3348 | Cisco Data Center Network Manager Cross-Site Scripting Vulnerabilities | |
| CVE-2020-3145 | Cisco RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execut | |
| CVE-2020-3349 | Cisco Data Center Network Manager Cross-Site Scripting Vulnerabilities | |
| CVE-2020-3351 | Cisco SD-WAN Solution Software Denial of Service Vulnerability | |
| CVE-2020-3144 | Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass Vulnerability | |
| CVE-2020-3140 | Cisco Prime License Manager Privilege Escalation Vulnerability | |
| CVE-2020-3369 | Cisco SD-WAN vEdge Routers Denial of Service Vulnerability | |
| CVE-2020-3370 | Cisco Content Security Management Appliance Filter Bypass Vulnerability |
Showing 20 of 33 CVEs. View all on vendor page →
IV. 関連脆弱性
同じベンダー: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
同じ弱点: CWE-287
- CVE-2026-8244
Industrial Application Software IAS Canias ERP Login RMI imp - CVE-2026-8216
Industrial Application Software IAS Canias ERP Java RMI Sess - CVE-2026-8214
Industrial Application Software IAS Canias ERP RMI doAction - CVE-2026-42560
auth: Patreon provider assigns the same local user ID to eve - CVE-2026-41070
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, all
V. CVE-2020-3197へのコメント
まだコメントはありません