CVE-2024-20396

Summary

CVE-2024-20396 is a newly disclosed vulnerability affecting the protocol handlers in Cisco Webex App. This issue enables unauthenticated, remote attackers to potentially gain access to sensitive information. The vulnerability arises due to the application's inability to securely handle file protocol handlers. An attacker can exploit this flaw by convincing a user to click on a malicious link, leading the application to send requests that can be intercepted in privileged network positions. Successful exploitation may result in the exfiltration of sensitive data, such as credential information.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.