2970 matches found
Cisco Webex Software Application Authorization Bypass Vulnerability
A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation o...
Cisco Webex 跨站请求伪造漏洞
Cisco Webex is a suite of video conferencing and collaboration products from Cisco. Cisco Webex suffers from a cross-site request forgery vulnerability that could allow an unauthenticated, remote attacker to authorize external application integration and access user accounts without the user's...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m keynoting CIISec Live—an all-online event—September 15-16, 2021. I’m speaking at the Infosecurity Magazine EMEA Autumn Online Summit on September 21, 2021. I’m speaking at the Cybersecurity and Data Privacy Law Conference in...
Cisco WebEx Network Recording Player ARF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
Cisco WebEx Network Recording Player ARF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
Cisco WebEx Network Recording Player ARF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
Cisco Webex Player Memory Corruption (cisco-sa-webex-player-kOf8zVT)
The version of Cisco Webex Player installed on the remote host is affected by a memory corruption vulnerability due to insufficient validation of values in Webex recording files that are in Webex Recording Format WRF. An attacker could exploit this by sending a user a malicious WRF file through a...
Cisco Webex Network Recording Player and Cisco Webex Player DLL Injection (cisco-sa-webex-dll-inject-XNmcSGTU)
According to its self-reported version, Cisco Webex Network Recording Player is affected by an dll injection vulnerability due to incorrect handling of directory paths at run time. An authenticated, local attacker can exploit this, by inserting a configuration file in a specific path in the syste...
Cisco Webex Teams for Windows DLL Injection (cisco-sa-webex-dll-inject-XNmcSGTU)
According to its self-reported version, Cisco Webex Teams for Windows is affected by an dll injection vulnerability due to incorrect handling of directory paths at run time. An authenticated, local attacker can exploit this, by inserting a configuration file in a specific path in the system, to...
Cisco Webex Meetings DLL Injection (cisco-sa-webex-dll-inject-XNmcSGTU)
According to its self-reported version, Cisco Webex Meetings is affected by an dll injection vulnerability due to incorrect handling of directory paths at run time. An authenticated, local attacker can exploit this, by inserting a configuration file in a specific path in the system, to execute...
The vulnerability of the Cisco Webex Player for Windows and MacOS operating systems stems from insufficient validation of values in Webex recording files, allowing attackers to trigger service interruptions.
The vulnerability of the Cisco Webex Player for Windows and MacOS operating systems is related to insufficient checking of values in Webex recording files. Exploiting this vulnerability can allow attackers to trigger a service failure by sending specially crafted WRF Webex Recording Format files...
Cisco Webex Player Memory Corruption Vulnerability Vulnerability (cisco-sa-webex-player-kxtkFbnR)
The version of Cisco Webex Network Recording Player and Cisco Webex Player installed on the remote host is affected by a remote code execution vulnerability due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format ARF or th...
Cisco Webex Meetings Client Software Logging Information Disclosure Vulnerability (cisco-sa-webex-8fpBnKOz)
According to its self-reported version, Cisco Webex Meetings is affected by a information disclosure vulnerability. This vulnerability is due to insufficient protection of sensitive participant information. An unauthenticated, remote attacker could exploit this vulnerability by browsing the Webex...
CVE-2021-1544
A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe logging of application actions. An attacker could exploit this vulnerability by logging onto the...
CVE-2021-1544
A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe logging of application actions. An attacker could exploit this vulnerability by logging onto the...
CVE-2021-1536
A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this...
CVE-2021-1536
A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this...
CVE-2021-1503
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in...
CVE-2021-1517
A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer feature. An attacker...
CVE-2021-1527
A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the vulnerable application. The vulnerability is due to insufficient validation of values in Webex...