CVE-2023-20180 MEDIUM

CVE-2023-20180

Vendor Cisco
Product Cisco Webex Meetings
Weakness CWE-352 · CSRF
Published July 7, 2023
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could include joining meetings and scheduling training sessions.

Key dates

02Disclosure timeline

July 7, 2023 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-22328 WordPress Elevio plugin <= 4.4.1 - CSRF to Stored XSS vulnerability CVE-2024-13933 FoodBakery | Delivery Restaurant Directory WordPress Theme <= 4.7 - Cross-Site Request Forgery in Multiple Functions CVE-2024-32440 WordPress Asgaros Forum plugin <= 2.8.0 - Cross Site Request Forgery (CSRF) vulnerability CVE-2022-2245 Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF CVE-2025-64498 Tuleap has a Cross-Site Request Forgery (CSRF) vulnerability