How severe is CVE-2024-20395?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2024-20395?

This is classified as CWE-523, which is a common weakness in software security.

CVE-2024-20395 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.

Related Vulnerabilities

CVE-2024-1102

MEDIUM

CVSS:6.5(Medium)

A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.

CWE-5232024

CVE-2021-32003

MEDIUM

CVSS:5.5(Medium)

Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secom...

CWE-5232021

CVE-2021-38460

HIGH

CVSS:7.5(High)

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs o...

CWE-5232021

CVE-2022-31805

HIGH

CVSS:7.5(High)

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

CWE-5232022

CVE-2023-22862

HIGH

CVSS:7.5(High)

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

CWE-5232023

CVE-2023-31277

HIGH

CVSS:7.5(High)

PiiGAB M-Bus transmits credentials in plaintext format.

CWE-5232023