CVE-2023-20180

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jul 7, 2023

Updated: Feb 8, 2024

CWE ID 352

Summary

CVE-2023-20180 is a newly disclosed vulnerability affecting the web interface of Cisco Webex Meetings. This issue allows an unauthenticated, remote attacker to carry out cross-site request forgery (CSRF) attacks. The root cause is insufficient CSRF protections within the web interface. An attacker could manipulate users into clicking malicious links, potentially leading to arbitrary actions such as joining meetings or scheduling training sessions. Successful exploitation could pose a significant security risk to affected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cisco WebEx Meetings

Affected Vendors

Cisco Systems Inc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r4l4M9
https://www.cve.org/CVERecord?id=CVE-2023-20180
https://nvd.nist.gov/vuln/detail/CVE-2023-20180

Back to Vulnerability Database