Vulnerabilities > CVE-2020-27610 - Unspecified vulnerability in Bigbluebutton

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

bigbluebutton

NVD

Published: 2020-10-21

Updated: 2021-07-21

Summary

The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access.

Vulnerable Configurations

Part	Description	Count
Application	Bigbluebutton Bigbluebutton Bigbluebutton 2.2.7 Bigbluebutton Bigbluebutton 2.2.8 Bigbluebutton Bigbluebutton 2.2.25 Bigbluebutton Bigbluebutton 2.2.26 Bigbluebutton Bigbluebutton 2.2.27 Bigbluebutton Bigbluebutton 2.2.28	6

References

https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html