69 matches found
CVE-2021-1467
CVE-2021-1467 affects Cisco Webex Meetings for Android. The issue stems from improper authorization checks, allowing an authenticated remote actor in the same meeting to modify another user’s avatar by sending a crafted request to the targeted Webex client. Impact is limited to avatar modificatio...
CVE-2021-1372
Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows are affected by a local information-disclosure vulnerability due to unsafe shared-memory usage. An authenticated, local attacker with access to system memory can exploit this by running a local app that reads shared memory,...
CVE-2019-1948
Cisco Webex Meetings Mobile (iOS) is affected by CVE-2019-1948. The vulnerability stems from insufficient SSL certificate validation, allowing an unauthenticated, remote attacker to perform a man-in-the-middle attack and gain read access to sensitive data by presenting a crafted SSL certificate. ...
CVE-2020-3182
Cisco Webex Meetings Client for MacOS is affected by an information-disclosure vulnerability in the mDNS configuration. An unauthenticated adjacent attacker can exploit this by issuing an mDNS query for a specific service to obtain device information from affected Webex clients. The issue is docu...
CVE-2020-3361
CVE-2020-3361 affects Cisco Webex Meetings and Webex Meetings Server. Description: an unauthenticated, remote attacker can bypass proper handling of authentication tokens to gain the privileges of another Webex user. The issue arises from improper handling of authentication tokens by vulnerable W...
CVE-2020-3588
CVE-2020-3588 affects Cisco Webex Meetings Desktop App for Windows in virtual desktop environments. The root cause is improper validation of messages processed by the virtualization channel interface, allowing a local attacker with limited privileges to execute arbitrary code with the user’s priv...
CVE-2020-3541
CVE-2020-3541 affects Cisco Webex on Windows (Webex Meetings Client/Desktop App/Teams). The root cause is unsafe logging of authentication requests, allowing an authenticated, local attacker to read log files in the application directory and access sensitive information. Impact is information dis...
CVE-2020-3347
CVE-2020-3347 affects Cisco Webex Meetings Desktop App for Windows. The flaw stems from unsafe usage of shared memory in the Webex memory map/trace implementation, allowing an authenticated, local attacker to read sensitive data (e.g., usernames, meeting information, authentication tokens) from s...
CVE-2020-3441
Cisco Webex Meetings and Cisco Webex Meetings Server are affected by CVE-2020-3441, an information-disclosure vulnerability caused by insufficient protection of sensitive participant information. An unauthenticated, remote attacker could browse the Webex roster and obtain details such as email and...
CVE-2020-3573
Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows are affected by multiple ARF/WRF parsing vulnerabilities. The flaws stem from insufficient validation during ARF/WRF parsing and an uninitialized pointer, enabling arbitrary code execution when a user opens a mali...
CVE-2020-3345
Cisco Webex Meetings and Webex Meetings Server are affected by CVE-2020-3345, an HTML injection vulnerability rooted in improper parameter validation on web pages. An unauthenticated, remote attacker can entice a user to follow a crafted link that injects HTML into an affected parameter, enabling...
CVE-2021-1544
CVE-2021-1544 describes an information-disclosure vulnerability in the Cisco Webex Meetings client’s logging mechanism. An authenticated, local attacker could access files containing logged actions and potentially view sensitive data, including meeting content and transcriptions. Public sources i...
CVE-2020-3440
CVE-2020-3440 affects Cisco Webex Meetings Desktop App for Windows. The root cause is improper validation of URL parameters sent from a website, enabling an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. Exploitation involves convincing a user to click a craf...
CVE-2021-1351
CVE-2021-1351 concerns a cross-site scripting (XSS) vulnerability in the web-based interface of Cisco Webex Meetings. The issue arises from insufficient validation of user-supplied input in the web interface, which could allow an unauthenticated, remote attacker to persuade a user to click a mali...
CVE-2018-0264
Summary: CVE-2018-0264 affects Cisco WebEx ARF playback components across WebEx Business Suite, Meetings sites, Meetings Server, and ARF Player. An unauthenticated, remote attacker can trigger arbitrary code execution by sending a user a link or email attachment containing a malicious ARF file an...
CVE-2019-15960
CVE-2019-15960 is a Cisco Webex Meetings privilege-escalation vulnerability affecting the Webex Network Recording Admin page. The issue arises from insufficient access-control validation, allowing an authenticated, low-privilege administrator to exploit a crafted URL request to gain privileged ac...
CVE-2021-1310
CVE-2021-1310 affects Cisco Webex Meetings’ web-based management interface. It is an open redirect vulnerability caused by improper validation of URL parameters in an HTTP request, allowing an unauthenticated attacker to persuade a user to click a crafted link and be redirected to a malicious sit...
CVE-2017-17428
CVE-2017-17428 is a Bleichenbacher-style RSA padding oracle (ROBOT) vulnerability that can allow an attacker to decrypt TLS data by exploiting RSA PKCS#1. Cisco advisories and CERT CERT/SEC records indicate multiple Cisco products (and other vendors’ TLS stacks) were affected and issued updates. ...
CVE-2019-16001
Cisco Webex Teams for Windows is affected by CVE-2019-16001: a DLL hijacking vulnerability due to insufficient validation of resources loaded at run time. An authenticated, local attacker can craft a malicious DLL and place it in a specific location; the DLL executes when the vulnerable app launc...
CVE-2020-3155
CVE-2020-3155 is a Cisco Intelligent Proximity SSL certificate validation vulnerability. The issue stems from a lack of validation of the SSL server certificate when establishing connections to Cisco Webex video devices or Cisco collaboration endpoints. An unauthenticated, remote attacker could p...
CVE-2022-20654
CVE-2022-20654 affects Cisco Webex Meetings: an unauthenticated remote attacker can exploit insufficient input validation in the web-based interface to trigger cross-site scripting (XSS) by enticing a user to click a crafted link. Impact per sources includes execution of arbitrary script code in ...
CVE-2022-20778
Summary (CVE-2022-20778): A vulnerability in the authentication component of Cisco Webex Meetings enables an unauthenticated, remote attacker to perform a Cross-Site Scripting (XSS) attack against users of the web-based interface due to insufficient validation of user input. An attacker can lure...
CVE-2017-6753
Cisco WebEx browser extensions for Chrome/Firefox (pre-1.0.12) are vulnerable to remote code execution due to a design flaw in the atgpcext library, allowing an unauthenticated attacker to run arbitrary code with the privileges of the affected browser when a user visits a crafted page. Affected p...
CVE-2019-1674
CVE-2019-1674 is a local OS command injection in Cisco Webex Updates: the update service accepts crafted parameters, allowing an attacker with local access to execute commands with SYSTEM privileges. Affected: Cisco Webex Meetings Desktop App for Windows and Cisco Webex Productivity Tools. Root c...
CVE-2022-20852
The CVE-2022-20852 entry covers Cisco Webex Meetings Web Interface vulnerabilities that allow remote XSS or frame hijacking via input handling flaws in the Webex web interface. Connected sources corroborate issues originating from insufficient input validation on web pages, enabling cross-site sc...
CVE-2020-3263
The CVE-2020-3263 entry concerns Cisco Webex Meetings Desktop App. Affected component: the client’s URL handling where input is not properly validated. Root cause: improper validation of input supplied to application URLs. Impact: could allow an unauthenticated, remote attacker to persuade a user...
CVE-2021-1420
CVE-2021-1420 refers to an HTML injection vulnerability in Cisco Webex Meetings pages. The issue arises from improper validation/checks of parameter values, allowing an unauthenticated, remote attacker to persuade a user to follow a crafted link that injects HTML into an affected parameter. This ...
CVE-2020-3127
Cisco WebEx Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2020-3127 and related CVEs due to improper validation in ARF/WRF file parsing. The root cause is an uninitialized pointer access during ARF/WRF processing, enabling remote code execution. An attacker can e...
CVE-2019-15285
Cisco CVE-2019-15285 covers multiple arbitrary-code-execution vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows. Root cause: insufficient validation of elements in Webex recordings stored as ARF/WRF, exploitable when a user opens a crafted ARF/WRF file del...
CVE-2020-3128
Cisco Webex Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2020-3128 due to insufficient validation of elements in ARF/WRF Webex recordings. An attacker could deliver a crafted ARF/WRF file via link or email and persuade a user to open it, risking arbitrary code e...
CVE-2022-20820
Cisco CVE-2022-20820 affects the Cisco Webex Meetings Web Interface. The issues are web‑interface input/validation problems enabling remote XSS or frame hijacking. Impact per available data is low confidentiality and integrity impact, with no availability impact; attacker must lure a user to inte...
CVE-2020-3342
CVE-2020-3342 is a code-execution vulnerability in Cisco Webex Meetings Desktop App for Mac related to the update feature. The issue stems from improper validation of cryptographic protections on files downloaded during an update, allowing an unauthenticated, remote attacker to persuade a user to...
CVE-2020-3603
Cisco WebEx Network Recording Player for Windows and Cisco WebEx Player for Windows contain ARF/WRF parsing vulnerabilities that allow remote code execution. The issue stems from insufficient validation of elements within Webex recordings, enabling a malicious ARF/WRF file delivered via link or e...
CVE-2020-3604
Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows are affected by ARF/WRF parsing vulnerabilities (CVE-2020-3604). The issue stems from insufficient validation of Webex recording elements, enabling an attacker to execute arbitrary code when a user opens a malicio...
CVE-2020-3194
The CVE-2020-3194 issue affects Cisco Webex Network Recording Player and Cisco Webex Player on Windows. It arises from insufficient validation of elements within a Webex recording stored as ARF/WRF, allowing an unauthenticated attacker to craft a malicious file and coerce a user to open it, there...
CVE-2023-20180
CVE-2023-20180 concerns Cisco Webex Meetings web UI CSRF. The issue arises from insufficient CSRF protections in the web interface, enabling an unauthenticated, remote attacker to coax a user into clicking a malicious link and perform arbitrary actions (e.g., joining meetings, scheduling training...
CVE-2019-15283
CVE-2019-15283 involves multiple arbitrary code execution vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows. The flaws arise from insufficient validation of elements within Webex recordings stored in ARF or WRF formats. An attacker could deliver a maliciou...
CVE-2019-15287
CVE-2019-15287 covers multiple arbitrary-code-execution vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The flaws arise from insufficient validation of elements within Webex recordings stored in ARF or WRF formats. An attacker could entice a...
CVE-2017-12372
CVE-2017-12372 is a Cisco WebEx Network Recording Player remote code execution vulnerability in ARF/WRF playback. The flaw allows a remote attacker to cause the affected WebEx players to crash and, in the worst case, execute arbitrary code on the user’s system when a malicious ARF or WRF file is ...
CVE-2021-1311
CVE-2021-1311 affects Cisco Webex Meetings and Cisco Webex Meetings Server, specifically the reclaim host role feature. The root cause is a lack of protection against brute-forcing of the host key, enabling an authenticated, remote attacker to take over the host role during a meeting. An attacker...
CVE-2023-20133
Cisco Webex Meetings web UI contains a stored XSS vulnerability due to insufficient input validation in Webex Events (classic) programs, email templates, and survey questions. An authenticated, remote attacker could lure a user to click a malicious link, allowing script execution within the affec...
CVE-2021-1410
CVE-2021-1410 affects Cisco Webex Meetings. The vulnerability stems from insufficient authorization enforcement for requests to update distribution lists, allowing an authenticated, remote attacker to modify a distribution list belonging to another user within the same organization. The issue is ...
CVE-2018-0390
Cisco Webex DOM-based XSS (CVE-2018-0390) affects the Webex web framework and arises from insufficient input validation of POST parameters, enabling an unauthenticated, remote attacker to inject scripts that run in a user’s browser for the affected web UI. The issue is documented across multiple ...
CVE-2018-0103
CVE-2018-0103 describes a buffer overflow in Cisco WebEx Network Recording Player when parsing ARF files, permitting arbitrary code execution with local access (per NVD) and potentially remote exploitation via crafted ARF content (per ZDI). Affected: Cisco WebEx Network Recording Player and relat...
CVE-2018-0112
CVE-2018-0112 affects Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server. The root cause is insufficient input validation by the WebEx clients, enabling an authenticated remote attacker to execute arbitrary code on a targeted system by delivering a malicious...
CVE-2018-0104
The CVE-2018-0104 issue concerns Cisco WebEx Network Recording Player for ARF files. A remote attacker can trigger arbitrary code execution by sending a user a link or email attachment containing a malicious ARF file and convincing them to open it. Affected products include Cisco WebEx Business S...
CVE-2018-0356
Summary: CVE-2018-0356 affects Cisco WebEx’s web framework with insufficient input validation on HTTP GET/POST parameters, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against users of the affected web interface. An attacker can trick a user into fo...
CVE-2018-0357
Cisco WebEx Web framework vulnerability CVE-2018-0357 enables unauthenticated XSS in the WebEx web interface due to insufficient input validation of HTTP GET/POST parameters. An attacker entices a user to follow a malicious link, allowing arbitrary script/HTML execution in the user’s browser. Roo...
CVE-2021-1221
The CVE-2021-1221 issue affects Cisco Webex Meetings and Webex Meetings Server UI. It arises from insufficient input validation that lets an authenticated, remote attacker inject a hyperlink into a meeting invitation email by entering a URL into a UI field. A successful exploit could generate an ...
CVE-2025-20255
CVE-2025-20255 affects Cisco Webex Meetings, specifically the client join services. The issue arises from improper handling of malicious HTTP requests, enabling HTTP cache poisoning where stored HTTP responses could be manipulated and cause the Webex Meetings service to return incorrect responses...