Cisco WebEx Meetings Client Arbitrary File Download Vulnerability

2014-07-10T15:29:11
ID CISCO-SA-20140710-CVE-2014-3310
Type cisco
Reporter Cisco
Modified 2014-07-10T15:29:05

Description

A vulnerability in the File Transfer functionality of the Cisco WebEx Meetings client could allow an unauthenticated, remote attacker to access arbitrary files on another user's computer also running the Cisco WebEx Meetings client.

The vulnerability exists because the affected software does not properly verify that the file offered by a sending client is the same as the file requested by the receiving client. An attacker could exploit this vulnerability by using a modified Cisco WebEx Meetings client.

Cisco has confirmed the vulnerability in a security notice and released software updates.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.