Cisco Webex Teams Information Disclosure and Modification Vulnerability
CVE-2018-0436

8.7HIGH

Key Information:

Vendor: Cisco
Status: Cisco Webex Teams
Vendor: CVE Published:; 5 October 2018

Summary

A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability.

Affected Version(s)

Cisco Webex Teams

References

http://www.securityfocus.com/bid/105301

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 5, 2018
Vulnerability Reserved
Nov 27, 2017