How severe is CVE-2020-3419?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2020-3419?

This is classified as CWE-913, which is a common weakness in software security.

CVE-2020-3419 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities.

Related Vulnerabilities

CVE-2021-23267

HIGH

CVSS:8.8(High)

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.

CWE-9132021

CVE-2022-39051

HIGH

CVSS:8.8(High)

Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package

CWE-9132022

CVE-2024-7297

HIGH

CVSS:8.8(High)

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request...

CWE-9132024

CVE-2021-21413

CRITICAL

CVSS:9.6(Critical)

isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed...

CWE-9132021

CVE-2022-31764

HIGH

CVSS:8.5(High)

The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3...

CWE-9132022

CVE-2014-9852

CRITICAL

CVSS:9.8(Critical)

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

CWE-9132014