Lucene search
K
CiscoWebex Meetings

69 matches found

CVE
CVE
added 2021/04/08 4:6 a.m.4749 views

CVE-2021-1467

CVE-2021-1467 affects Cisco Webex Meetings for Android. The issue stems from improper authorization checks, allowing an authenticated remote actor in the same meeting to modify another user’s avatar by sending a crafted request to the targeted Webex client. Impact is limited to avatar modificatio...

4.3CVSS4.4AI score0.00745EPSS
CVE
CVE
added 2021/02/17 4:55 p.m.1879 views

CVE-2021-1372

Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows are affected by a local information-disclosure vulnerability due to unsafe shared-memory usage. An authenticated, local attacker with access to system memory can exploit this by running a local app that reads shared memory,...

5.5CVSS5.3AI score0.0041EPSS
CVE
CVE
added 2019/08/21 6:30 p.m.1393 views

CVE-2019-1948

Cisco Webex Meetings Mobile (iOS) is affected by CVE-2019-1948. The vulnerability stems from insufficient SSL certificate validation, allowing an unauthenticated, remote attacker to perform a man-in-the-middle attack and gain read access to sensitive data by presenting a crafted SSL certificate. ...

5.9CVSS5.5AI score0.0087EPSS
CVE
CVE
added 2020/03/04 6:35 p.m.1329 views

CVE-2020-3182

Cisco Webex Meetings Client for MacOS is affected by an information-disclosure vulnerability in the mDNS configuration. An unauthenticated adjacent attacker can exploit this by issuing an mDNS query for a specific service to obtain device information from affected Webex clients. The issue is docu...

4.3CVSS4.6AI score0.00508EPSS
CVE
CVE
added 2020/06/18 2:17 a.m.1304 views

CVE-2020-3361

CVE-2020-3361 affects Cisco Webex Meetings and Webex Meetings Server. Description: an unauthenticated, remote attacker can bypass proper handling of authentication tokens to gain the privileges of another Webex user. The issue arises from improper handling of authentication tokens by vulnerable W...

9.8CVSS9.2AI score0.02364EPSS
CVE
CVE
added 2020/11/06 6:16 p.m.1293 views

CVE-2020-3588

CVE-2020-3588 affects Cisco Webex Meetings Desktop App for Windows in virtual desktop environments. The root cause is improper validation of messages processed by the virtualization channel interface, allowing a local attacker with limited privileges to execute arbitrary code with the user’s priv...

7.8CVSS7.5AI score0.00393EPSS
CVE
CVE
added 2020/09/04 2:25 a.m.1192 views

CVE-2020-3541

CVE-2020-3541 affects Cisco Webex on Windows (Webex Meetings Client/Desktop App/Teams). The root cause is unsafe logging of authentication requests, allowing an authenticated, local attacker to read log files in the application directory and access sensitive information. Impact is information dis...

4.4CVSS4.8AI score0.00326EPSS
CVE
CVE
added 2020/06/18 2:16 a.m.953 views

CVE-2020-3347

CVE-2020-3347 affects Cisco Webex Meetings Desktop App for Windows. The flaw stems from unsafe usage of shared memory in the Webex memory map/trace implementation, allowing an authenticated, local attacker to read sensitive data (e.g., usernames, meeting information, authentication tokens) from s...

5.5CVSS5.4AI score0.00351EPSS
CVE
CVE
added 2020/11/18 5:41 p.m.904 views

CVE-2020-3441

Cisco Webex Meetings and Cisco Webex Meetings Server are affected by CVE-2020-3441, a information-disclosure vulnerability caused by insufficient protection of sensitive participant information. An unauthenticated, remote attacker could browse the Webex roster and obtain details such as email and...

5.3CVSS5.1AI score0.01546EPSS
CVE
CVE
added 2020/11/06 6:16 p.m.790 views

CVE-2020-3573

Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows are affected by multiple ARF/WRF parsing vulnerabilities. The flaws stem from insufficient validation during ARF/WRF parsing and an uninitialized pointer, enabling arbitrary code execution when a user opens a mali...

9.3CVSS7.9AI score0.02634EPSS
CVE
CVE
added 2020/07/16 5:21 p.m.531 views

CVE-2020-3345

Cisco Webex Meetings and Webex Meetings Server are affected by CVE-2020-3345, an HTML injection vulnerability rooted in improper parameter validation on web pages. An unauthenticated, remote attacker can entice a user to follow a crafted link that injects HTML into an affected parameter, enabling...

4.3CVSS4.5AI score0.01212EPSS
CVE
CVE
added 2021/06/04 4:46 p.m.525 views

CVE-2021-1544

CVE-2021-1544 describes an information-disclosure vulnerability in the Cisco Webex Meetings client’s logging mechanism. An authenticated, local attacker could access files containing logged actions and potentially view sensitive data, including meeting content and transcriptions. Public sources i...

5.5CVSS5.5AI score0.00228EPSS
CVE
CVE
added 2020/08/26 4:16 p.m.520 views

CVE-2020-3440

CVE-2020-3440 affects Cisco Webex Meetings Desktop App for Windows. The root cause is improper validation of URL parameters sent from a website, enabling an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. Exploitation involves convincing a user to click a craf...

6.5CVSS6.6AI score0.0262EPSS
CVE
CVE
added 2021/02/17 4:55 p.m.376 views

CVE-2021-1351

CVE-2021-1351 concerns a cross-site scripting (XSS) vulnerability in the web-based interface of Cisco Webex Meetings. The issue arises from insufficient validation of user-supplied input in the web interface, which could allow an unauthenticated, remote attacker to persuade a user to click a mali...

6.1CVSS6AI score0.00784EPSS
CVE
CVE
added 2018/05/02 10:0 p.m.361 views

CVE-2018-0264

Summary: CVE-2018-0264 affects Cisco WebEx ARF playback components across WebEx Business Suite, Meetings sites, Meetings Server, and ARF Player. An unauthenticated, remote attacker can trigger arbitrary code execution by sending a user a link or email attachment containing a malicious ARF file an...

9.6CVSS9.3AI score0.03247EPSS
CVE
CVE
added 2019/11/26 3:11 a.m.177 views

CVE-2019-15960

CVE-2019-15960 is a Cisco Webex Meetings privilege-escalation vulnerability affecting the Webex Network Recording Admin page. The issue arises from insufficient access-control validation, allowing an authenticated, low-privilege administrator to exploit a crafted URL request to gain privileged ac...

6.5CVSS5.4AI score0.01278EPSS
CVE
CVE
added 2021/01/13 9:46 p.m.174 views

CVE-2021-1310

CVE-2021-1310 affects Cisco Webex Meetings’ web-based management interface. It is an open redirect vulnerability caused by improper validation of URL parameters in an HTTP request, allowing an unauthenticated attacker to persuade a user to click a crafted link and be redirected to a malicious sit...

4.7CVSS4.7AI score0.01582EPSS
CVE
CVE
added 2018/03/05 6:0 p.m.123 views

CVE-2017-17428

CVE-2017-17428 is a Bleichenbacher-style RSA padding oracle (ROBOT) vulnerability that can allow an attacker to decrypt TLS data by exploiting RSA PKCS#1. Cisco advisories and CERT CERT/SEC records indicate multiple Cisco products (and other vendors’ TLS stacks) were affected and issued updates. ...

7.1CVSS6.3AI score0.1501EPSS
CVE
CVE
added 2019/11/26 3:41 a.m.114 views

CVE-2019-16001

Cisco Webex Teams for Windows is affected by CVE-2019-16001: a DLL hijacking vulnerability due to insufficient validation of resources loaded at run time. An authenticated, local attacker can craft a malicious DLL and place it in a specific location; the DLL executes when the vulnerable app launc...

5.3CVSS5.6AI score0.00377EPSS
CVE
CVE
added 2020/03/04 6:40 p.m.113 views

CVE-2020-3155

CVE-2020-3155 is a Cisco Intelligent Proximity SSL certificate validation vulnerability. The issue stems from a lack of validation of the SSL server certificate when establishing connections to Cisco Webex video devices or Cisco collaboration endpoints. An unauthenticated, remote attacker could p...

7.4CVSS7.3AI score0.00874EPSS
CVE
CVE
added 2024/11/15 4:2 p.m.107 views

CVE-2022-20654

CVE-2022-20654 affects Cisco Webex Meetings: an unauthenticated remote attacker can exploit insufficient input validation in the web-based interface to trigger cross-site scripting (XSS) by enticing a user to click a crafted link. Impact per sources includes execution of arbitrary script code in ...

6.1CVSS6AI score0.00572EPSS
CVE
CVE
added 2022/04/21 6:50 p.m.106 views

CVE-2022-20778

Summary (CVE-2022-20778) : A vulnerability in the authentication component of Cisco Webex Meetings enables an unauthenticated, remote attacker to perform a Cross-Site Scripting (XSS) attack against users of the web-based interface due to insufficient validation of user input. An attacker can lure...

6.1CVSS6.1AI score0.00761EPSS
CVE
CVE
added 2017/07/25 7:0 p.m.102 views

CVE-2017-6753

Cisco WebEx browser extensions for Chrome/Firefox (pre-1.0.12) are vulnerable to remote code execution due to a design flaw in the atgpcext library, allowing an unauthenticated attacker to run arbitrary code with the privileges of the affected browser when a user visits a crafted page. Affected p...

9.3CVSS8.6AI score0.05951EPSS
CVE
CVE
added 2019/02/28 6:0 p.m.96 views

CVE-2019-1674

CVE-2019-1674 is a local OS command injection in Cisco Webex Updates: the update service accepts crafted parameters, allowing an attacker with local access to execute commands with SYSTEM privileges. Affected: Cisco Webex Meetings Desktop App for Windows and Cisco Webex Productivity Tools. Root c...

9CVSS8.3AI score0.10759EPSS
Web
CVE
CVE
added 2022/08/10 8:10 a.m.92 views

CVE-2022-20852

The CVE-2022-20852 entry covers Cisco Webex Meetings Web Interface vulnerabilities that allow remote XSS or frame hijacking via input handling flaws in the Webex web interface. Connected sources corroborate issues originating from insufficient input validation on web pages, enabling cross-site sc...

6.5CVSS5.7AI score0.00438EPSS
CVE
CVE
added 2020/06/18 2:21 a.m.89 views

CVE-2020-3263

The CVE-2020-3263 entry concerns Cisco Webex Meetings Desktop App. Affected component: the client’s URL handling where input is not properly validated. Root cause: improper validation of input supplied to application URLs. Impact: could allow an unauthenticated, remote attacker to persuade a user...

7.6CVSS7.8AI score0.04117EPSS
CVE
CVE
added 2021/04/08 4:6 a.m.88 views

CVE-2021-1420

CVE-2021-1420 refers to an HTML injection vulnerability in Cisco Webex Meetings pages. The issue arises from improper validation/checks of parameter values, allowing an unauthenticated, remote attacker to persuade a user to follow a crafted link that injects HTML into an affected parameter. This ...

4.7CVSS4.7AI score0.00925EPSS
CVE
CVE
added 2020/03/04 6:40 p.m.86 views

CVE-2020-3127

Cisco WebEx Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2020-3127 and related CVEs due to improper validation in ARF/WRF file parsing. The root cause is an uninitialized pointer access during ARF/WRF processing, enabling remote code execution. An attacker can e...

9.3CVSS7.8AI score0.02256EPSS
CVE
CVE
added 2020/09/23 12:35 a.m.84 views

CVE-2019-15285

Cisco CVE-2019-15285 covers multiple arbitrary-code-execution vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows. Root cause: insufficient validation of elements in Webex recordings stored as ARF/WRF, exploitable when a user opens a crafted ARF/WRF file del...

9.3CVSS7.8AI score0.01715EPSS
CVE
CVE
added 2020/03/04 6:40 p.m.82 views

CVE-2020-3128

Cisco Webex Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2020-3128 due to insufficient validation of elements in ARF/WRF Webex recordings. An attacker could deliver a crafted ARF/WRF file via link or email and persuade a user to open it, risking arbitrary code e...

9.3CVSS7.8AI score0.01893EPSS
CVE
CVE
added 2022/08/10 8:11 a.m.82 views

CVE-2022-20820

Cisco CVE-2022-20820 affects the Cisco Webex Meetings Web Interface. The issues are web‑interface input/validation problems enabling remote XSS or frame hijacking. Impact per available data is low confidentiality and integrity impact, with no availability impact; attacker must lure a user to inte...

5.4CVSS5.4AI score0.00445EPSS
CVE
CVE
added 2020/06/18 2:16 a.m.80 views

CVE-2020-3342

CVE-2020-3342 is a code-execution vulnerability in Cisco Webex Meetings Desktop App for Mac related to the update feature. The issue stems from improper validation of cryptographic protections on files downloaded during an update, allowing an unauthenticated, remote attacker to persuade a user to...

9.3CVSS9AI score0.03797EPSS
CVE
CVE
added 2020/11/06 6:17 p.m.80 views

CVE-2020-3603

Cisco WebEx Network Recording Player for Windows and Cisco WebEx Player for Windows contain ARF/WRF parsing vulnerabilities that allow remote code execution. The issue stems from insufficient validation of elements within Webex recordings, enabling a malicious ARF/WRF file delivered via link or e...

9.3CVSS7.9AI score0.02506EPSS
CVE
CVE
added 2020/11/06 6:17 p.m.74 views

CVE-2020-3604

Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows are affected by ARF/WRF parsing vulnerabilities (CVE-2020-3604). The issue stems from insufficient validation of Webex recording elements, enabling an attacker to execute arbitrary code when a user opens a malicio...

9.3CVSS7.9AI score0.02432EPSS
CVE
CVE
added 2020/04/15 8:10 p.m.71 views

CVE-2020-3194

The CVE-2020-3194 issue affects Cisco Webex Network Recording Player and Cisco Webex Player on Windows. It arises from insufficient validation of elements within a Webex recording stored as ARF/WRF, allowing an unauthenticated attacker to craft a malicious file and coerce a user to open it, there...

9.3CVSS7.7AI score0.01907EPSS
CVE
CVE
added 2023/07/07 7:47 p.m.71 views

CVE-2023-20180

CVE-2023-20180 concerns Cisco Webex Meetings web UI CSRF. The issue arises from insufficient CSRF protections in the web interface, enabling an unauthenticated, remote attacker to coax a user into clicking a malicious link and perform arbitrary actions (e.g., joining meetings, scheduling training...

4.3CVSS5AI score0.00314EPSS
CVE
CVE
added 2020/09/23 12:35 a.m.70 views

CVE-2019-15283

CVE-2019-15283 involves multiple arbitrary code execution vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows. The flaws arise from insufficient validation of elements within Webex recordings stored in ARF or WRF formats. An attacker could deliver a maliciou...

9.3CVSS7.8AI score0.01715EPSS
CVE
CVE
added 2020/09/23 12:35 a.m.68 views

CVE-2019-15287

CVE-2019-15287 covers multiple arbitrary-code-execution vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The flaws arise from insufficient validation of elements within Webex recordings stored in ARF or WRF formats. An attacker could entice a...

9.3CVSS7.8AI score0.01715EPSS
CVE
CVE
added 2017/11/30 9:0 a.m.65 views

CVE-2017-12372

CVE-2017-12372 is a Cisco WebEx Network Recording Player remote code execution vulnerability in ARF/WRF playback. The flaw allows a remote attacker to cause the affected WebEx players to crash and, in the worst case, execute arbitrary code on the user’s system when a malicious ARF or WRF file is ...

9.6CVSS9.6AI score0.0298EPSS
CVE
CVE
added 2021/01/13 9:46 p.m.65 views

CVE-2021-1311

CVE-2021-1311 affects Cisco Webex Meetings and Cisco Webex Meetings Server, specifically the reclaim host role feature. The root cause is a lack of protection against brute-forcing of the host key, enabling an authenticated, remote attacker to take over the host role during a meeting. An attacker...

5.5CVSS5.4AI score0.01263EPSS
CVE
CVE
added 2023/07/07 7:47 p.m.65 views

CVE-2023-20133

Cisco Webex Meetings web UI contains a stored XSS vulnerability due to insufficient input validation in Webex Events (classic) programs, email templates, and survey questions. An authenticated, remote attacker could lure a user to click a malicious link, allowing script execution within the affec...

5.4CVSS5.2AI score0.00517EPSS
CVE
CVE
added 2024/11/18 3:38 p.m.64 views

CVE-2021-1410

CVE-2021-1410 affects Cisco Webex Meetings. The vulnerability stems from insufficient authorization enforcement for requests to update distribution lists, allowing an authenticated, remote attacker to modify a distribution list belonging to another user within the same organization. The issue is ...

4.3CVSS4.6AI score0.00808EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.63 views

CVE-2018-0390

Cisco Webex DOM-based XSS (CVE-2018-0390) affects the Webex web framework and arises from insufficient input validation of POST parameters, enabling an unauthenticated, remote attacker to inject scripts that run in a user’s browser for the affected web UI. The issue is documented across multiple ...

6.1CVSS6AI score0.01012EPSS
CVE
CVE
added 2018/01/04 6:0 a.m.62 views

CVE-2018-0103

CVE-2018-0103 describes a buffer overflow in Cisco WebEx Network Recording Player when parsing ARF files, permitting arbitrary code execution with local access (per NVD) and potentially remote exploitation via crafted ARF content (per ZDI). Affected: Cisco WebEx Network Recording Player and relat...

9.3CVSS7.7AI score0.01715EPSS
CVE
CVE
added 2018/04/19 8:0 p.m.62 views

CVE-2018-0112

CVE-2018-0112 affects Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server. The root cause is insufficient input validation by the WebEx clients, enabling an authenticated remote attacker to execute arbitrary code on a targeted system by delivering a malicious...

9CVSS9.3AI score0.027EPSS
CVE
CVE
added 2018/01/04 6:0 a.m.61 views

CVE-2018-0104

The CVE-2018-0104 issue concerns Cisco WebEx Network Recording Player for ARF files. A remote attacker can trigger arbitrary code execution by sending a user a link or email attachment containing a malicious ARF file and convincing them to open it. Affected products include Cisco WebEx Business S...

9.6CVSS9.4AI score0.03774EPSS
CVE
CVE
added 2018/06/07 9:0 p.m.61 views

CVE-2018-0356

Summary : CVE-2018-0356 affects Cisco WebEx’s web framework with insufficient input validation on HTTP GET/POST parameters, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against users of the affected web interface. An attacker can trick a user into fo...

6.1CVSS6AI score0.01783EPSS
CVE
CVE
added 2018/06/07 9:0 p.m.61 views

CVE-2018-0357

Cisco WebEx Web framework vulnerability CVE-2018-0357 enables unauthenticated XSS in the WebEx web interface due to insufficient input validation of HTTP GET/POST parameters. An attacker entices a user to follow a malicious link, allowing arbitrary script/HTML execution in the user’s browser. Roo...

6.1CVSS6AI score0.02011EPSS
CVE
CVE
added 2021/02/04 4:35 p.m.61 views

CVE-2021-1221

The CVE-2021-1221 issue affects Cisco Webex Meetings and Webex Meetings Server UI. It arises from insufficient input validation that lets an authenticated, remote attacker inject a hyperlink into a meeting invitation email by entering a URL into a UI field. A successful exploit could generate an ...

4.1CVSS4.3AI score0.0103EPSS
CVE
CVE
added 2025/05/21 4:43 p.m.61 views

CVE-2025-20255

CVE-2025-20255 affects Cisco Webex Meetings, specifically the client join services. The issue arises from improper handling of malicious HTTP requests, enabling HTTP cache poisoning where stored HTTP responses could be manipulated and cause the Webex Meetings service to return incorrect responses...

4.3CVSS6.8AI score0.00167EPSS
Total number of security vulnerabilities69