Meetings Security Vulnerabilities
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording.....
7.8CVSS
7.7AI Score
0.002EPSS
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording.....
7.8CVSS
8.2AI Score
0.002EPSS
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording.....
7.8CVSS
7.7AI Score
0.002EPSS
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording.....
7.8CVSS
7.7AI Score
0.002EPSS
A vulnerability in the Cisco Webex Player for Webex Recording Format (WRF) files could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a user a link or email attachment with a malicious WRF file and...
5.5CVSS
5.7AI Score
0.002EPSS
A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a...
7.3CVSS
7.6AI Score
0.002EPSS
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to.....
5.5CVSS
5.8AI Score
0.001EPSS
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...
6.1CVSS
6AI Score
0.001EPSS
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to.....
7.8CVSS
7.8AI Score
0.002EPSS
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...
6.1CVSS
6AI Score
0.001EPSS
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...
6.1CVSS
6AI Score
0.001EPSS
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to a design flaw in the affected software. An attacker could exploit this.....
8.8CVSS
8.8AI Score
0.023EPSS
A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a.....
5.3CVSS
5.4AI Score
0.011EPSS
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email...
9.6CVSS
9.3AI Score
0.007EPSS
A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An...
9CVSS
9.3AI Score
0.006EPSS
Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...
5.9CVSS
6.3AI Score
0.003EPSS
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The...
5.3CVSS
5.8AI Score
0.001EPSS
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in....
2.7CVSS
3.7AI Score
0.001EPSS
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which would not disable access to...
8.1CVSS
8AI Score
0.001EPSS
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in....
5.3CVSS
5.3AI Score
0.001EPSS
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious.....
9.6CVSS
9.4AI Score
0.015EPSS
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a...
7.8CVSS
7.7AI Score
0.001EPSS
A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or....
9.6CVSS
9.4AI Score
0.019EPSS
A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL....
9.6CVSS
9.4AI Score
0.021EPSS
A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by modifying the...
5.3CVSS
5.3AI Score
0.001EPSS
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and...
6.5CVSS
7AI Score
0.001EPSS
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via...
9.6CVSS
9.6AI Score
0.021EPSS
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via...
9.6CVSS
9.6AI Score
0.028EPSS
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via...
9.6CVSS
9.6AI Score
0.028EPSS
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via...
9.6CVSS
9.6AI Score
0.028EPSS
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...
5.4CVSS
5.3AI Score
0.001EPSS
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the HTTP header.....
5.3CVSS
5.4AI Score
0.001EPSS
Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID...
7.3CVSS
7.3AI Score
0.001EPSS
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the....
6.1CVSS
6AI Score
0.001EPSS
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker could exploit this...
8.6CVSS
8.3AI Score
0.002EPSS
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters....
6.1CVSS
6AI Score
0.001EPSS
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx...
8.8CVSS
8.6AI Score
0.034EPSS
A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs....
7.5CVSS
7.7AI Score
0.002EPSS
An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases:...
6.5CVSS
6.1AI Score
0.001EPSS
An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1 Orion1.1.2.patch...
6.5CVSS
6.4AI Score
0.001EPSS
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin...
8.8CVSS
8.8AI Score
0.879EPSS
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases:...
8.8CVSS
8.7AI Score
0.001EPSS
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases:...
7.2CVSS
7.1AI Score
0.003EPSS
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affected Releases:...
5.3CVSS
5.2AI Score
0.002EPSS
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases:...
5.4CVSS
5.6AI Score
0.001EPSS
Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID...
7.5CVSS
7.4AI Score
0.006EPSS
Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID...
8.1CVSS
8.4AI Score
0.026EPSS
Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID...
7.5CVSS
7.4AI Score
0.002EPSS
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID...
8.8CVSS
8.9AI Score
0.002EPSS
Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID...
7.5CVSS
7AI Score
0.003EPSS