Cisco Webex Teams client for Windows Release 3.0.13131 Uncontrolled Resource Consumption Vulnerability

Summary

A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. 

Credit:

The information has been provided by Vendor

The original article can be found at:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cards-dos-FWzNcXPq


Details

The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user’s client to crash continuously. This vulnerability was introduced in Cisco Webex Teams client for Windows Release 3.0.13131.

 

Vulnerable Systems:

Cisco Webex Teams client for Windows Release 3.0.13131.

 

CVE Information:

CVE-2020-3131

 

Disclosure Timeline:
Published Date:1/26/2020

Categories: FeaturedNews