Rewterz Threat Advisory – CVE-2020-3973 – VMware VeloCloud SQL-injection vulnerability
July 8, 2020Rewterz Threat Alert – Latest LokiBot Malware – IOCs
July 8, 2020Rewterz Threat Advisory – CVE-2020-3973 – VMware VeloCloud SQL-injection vulnerability
July 8, 2020Rewterz Threat Alert – Latest LokiBot Malware – IOCs
July 8, 2020Severity
Medium
Analysis Summary
The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens that could aid the attacker in future attacks.
Impact
Information Disclosure
Affected Vendors
Cisco
Affected Products
Cisco Webex Meetings Desktop App for Windows releases earlier than 40.4.12 and 40.6.0
Remediation
Refer to Cisco advisory for the complete list of affected products and upgraded patches.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-NBmqM9vt