Advisory ID: cisco-sa-cma-turn-crdr-RHjSzKXn
Vulnerability Type: Missing TURN Server Credentials Expiration
Severity: Medium
CVE: CVE-2020-3197
CWE: CWE-287
Cisco Bug ID: CSCvs98090
CVSS Score: Base 4.3
First Published: 2020 July 15 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available

From the screenshot, we can gather that:

The Cisco Meetings App has an API subsystem vulnerability which could allow an attacker to retain and reuse Traversal Using Relay NAT (TURN) server credentials. This is due to insufficient protection mechanisms for the TURN server credentials.

An attacker could exploit this by intercepting legitimate traffic, allowing them to obtain the TURN server credentials and use them for malicious purposes like setting up audio/video calls or forwarding packets through the configured TURN server. However, the attacker can't control the TURN server unless the same credentials are used in multiple systems.

At the time of the advisory's publication, all releases of Cisco Meetings App were affected. No workarounds were provided to address the vulnerability. The Cisco Product Security Incident Response Team wasn't aware of any public announcements or malicious use of this vulnerability.

This vulnerability was reported by Muhammad Ra'fat and John Bergvall.

The advisory recommends that customers regularly consult advisories for Cisco products during software upgrades and ensure that devices to be upgraded have sufficient memory and compatible hardware and software configurations.
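
The weakness named in the advisory is TURN credentials that stay valid after they have been captured. The sketch below is an added example, not code from Cisco or from the advisory, and it does not describe Cisco's fix: it shows one common way to make TURN credentials expire, where the username carries an expiry timestamp and the password is an HMAC over that username. The secret, user id and function names are assumptions made for the example, and the password is compared directly for brevity, whereas a real TURN server verifies it through the STUN message-integrity check.

```python
import base64
import hashlib
import hmac
import time

# Constructed secret for this example. In a deployment it is shared only
# between the credential-issuing API and the TURN server, never with clients.
SHARED_SECRET = b"constructed-example-secret"


def _password_for(username: str, secret: bytes) -> str:
    """Password = base64(HMAC-SHA1(secret, username))."""
    digest = hmac.new(secret, username.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def issue_credentials(user_id, ttl_seconds, now=None, secret=SHARED_SECRET):
    """Return (username, password) that stop working at now + ttl_seconds."""
    now = int(time.time()) if now is None else int(now)
    username = f"{now + ttl_seconds}:{user_id}"
    return username, _password_for(username, secret)


def validate_credentials(username, password, now=None, secret=SHARED_SECRET):
    """Server-side check. Returns (ok, reason)."""
    now = int(time.time()) if now is None else int(now)
    expiry_text, sep, _user_id = username.partition(":")
    if not sep or not (expiry_text.isascii() and expiry_text.isdigit()):
        return False, "malformed username"
    # Verify the MAC first (constant-time), so a client cannot extend the
    # lifetime by editing the timestamp in the username.
    if not hmac.compare_digest(_password_for(username, secret), password):
        return False, "bad password"
    if now >= int(expiry_text):
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    issued_at = 1_000_000  # constructed clock value
    user, pwd = issue_credentials("alice", ttl_seconds=300, now=issued_at)
    print(validate_credentials(user, pwd, now=issued_at + 100))   # in window
    print(validate_credentials(user, pwd, now=issued_at + 3600))  # replayed later
```

With a short lifetime, credentials captured from legitimate traffic are only usable until the timestamp passes, which bounds the reuse window the advisory describes.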