Rewterz Threat Advisory – CVE-2020-3472 – Cisco Webex Meetings User Email Address Information Disclosure Vulnerability
August 7, 2020Rewterz Threat Advisory – CVE-2020-3433 – Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
August 7, 2020Rewterz Threat Advisory – CVE-2020-3472 – Cisco Webex Meetings User Email Address Information Disclosure Vulnerability
August 7, 2020Rewterz Threat Advisory – CVE-2020-3433 – Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
August 7, 2020Severity
High
Analysis Summary
The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files.
Impact
Information Disclosure
Affected Vendors
Cisco
Affected Products
All 1.3.x versions of Cisco DNA Center software releases prior to 1.3.1.4
Remediation
Refer to Cisco advisory for the complete list of affected products and their respective patches.