Is CVE-2020-3588 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 0%.

What products does CVE-2020-3588 affect?

Tracked products affected include Cisco Webex Meetings. Check the version you run to see whether it is affected.

How do I fix CVE-2020-3588?

Apply the vendor fix promptly. An official patch or advisory is available. Upgrade affected products to a fixed version.

← All products

CVE-2020-3588

Q: What is CVE-2020-3588?

CVE-2020-3588 is a high-severity software vulnerability (Path traversal) with a CVSS score of 7.3. A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtua

HIGH severity · CVSS 7.3 · Path traversal

7.3CVSS HIGH

Summary

A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization. This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sending malicious messages to the affected software by using the virtualization channel interface. A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user. Note: This vulnerability can be exploited only when Cisco Webex Meetings Desktop App is in a virtual desktop environment on a hosted virtual desktop (HVD) and is configured to use the Cisco Webex Meetings virtual desktop plug-in for thin clients.

Impact & exploitability

Attack vectorLocal

Attack complexityLow

Privileges requiredLow

User interactionRequired

Confidentiality impactHigh

Integrity impactHigh

Availability impactHigh

Exploit probability (EPSS)0%

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected products we track (1)

Cisco Webex Meetings

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ ↗

CVE-2020-3588

Summary

Impact & exploitability

Affected products we track (1)

Recommendation

Additional information