CVE-2020-3413 MEDIUM

CVE-2020-3413: Cisco Webex Meetings Scheduled Meeting Template Deletion Vulnerability

Vendor Cisco
Product Cisco Webex Meetings
Weakness CWE-284
Published August 17, 2020
Last update November 13, 2024
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. The vulnerability is due to insufficient authorization enforcement for requests to delete scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to delete a scheduled meeting template. A successful exploit could allow the attacker to delete a scheduled meeting template that belongs to a user other than themselves.

Key dates

02Disclosure timeline

August 17, 2020 CVE published
November 13, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-12306 Access Control Vulnerabilities Allow Unauthorized Access to User Profiles in Unifiedtransform CVE-2024-23675 Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion CVE-2024-56196 Apache Traffic Server: ACL is not fully compatible with older versions CVE-2022-41659 CVE-2026-41487 Langfuse: Improper role-based-access control in Langfuse LLM connection management allowed users of role “member” to retrieve stored LLM provider API keys