CVE-2020-3471— Cisco Webex Meetings 输入验证错误漏洞

Cisco Webex Meetings and Cisco Webex Meetings Server Unauthorized Audio Information Exposure Vulnerability

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

输入验证不恰当

Cisco Webex Meetings 输入验证错误漏洞

Cisco Webex Meetings是美国思科（Cisco）公司的一套视频会议解决方案。 Cisco Webex Meetings 和 Cisco Webex Meetings Server存在安全漏洞，该漏洞源于易受攻击的Webex网站上会议和媒体服务之间的同步问题造成的。攻击者可利用该漏洞在被驱逐出活动Webex会话的情况下保持双向音频。一个成功的漏洞可以让攻击者在被驱逐的情况下保持Webex会话的音频连接。

N/A

N/A