How severe is CVE-2020-3342?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-3342?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2020-3342 - HIGH Severity | CVSS 8.8

Vulnerability Description

A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update. An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a valid Webex website. The client may fail to properly validate the cryptographic protections of the provided files before executing them as part of an update. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the user.

Related Vulnerabilities

CVE-2017-11364

HIGH

CVSS:8.8(High)

The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate ...

CWE-2952017

CVE-2017-3218

HIGH

CVSS:8.8(High)

Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates.

CWE-2952017

CVE-2017-3563

HIGH

CVSS:8.8(High)

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vu...

CWE-2952017

CVE-2018-8059

HIGH

CVSS:8.8(High)

The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no p...

CWE-2952018

CVE-2021-20695

HIGH

CVSS:8.8(High)

Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vector...

CWE-2952021

CVE-2021-37218

HIGH

CVSS:8.8(High)

HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in...

CWE-2952021