59 matches found
CVE-2020-3142
CVE-2020-3142 affects Cisco Webex Meetings Suite sites and Webex Meetings Online sites via an unauthenticated join flow in mobile Webex apps. An attacker could join a password-protected meeting by using a known meeting ID/URL from a mobile browser, without providing the meeting password; the atte...
CVE-2022-20763
CVE-2022-20763 – Cisco Webex Meetings Java deserialization vulnerability . The issue affects the login authorization component of Cisco Webex Meetings, caused by improper deserialization of Java code in login requests. An authenticated, remote attacker could exploit this to inject arbitrary Java ...
CVE-2019-15987
CVE-2019-15987 affects Cisco Webex Centers suite (Webex Event Center, Meeting Center, Support Center, Training Center). Root cause: missing CAPTCHA on select URLs allows unauthenticated, remote attacker to enumerate usernames and potentially obtain real names. Impact is information disclosure (no...
CVE-2020-3116
Cisco Webex Centers vulnerability CVE-2020-3116: A flaw in how Webex/Cisco Webex Center applications process Universal Communications Format (UCF) files can allow a DoS when a user opens a malicious UCF file received via link or email. Root cause: insufficient validation of UCF media files. Impac...
CVE-2019-1674
CVE-2019-1674 is a local OS command injection in Cisco Webex Updates: the update service accepts crafted parameters, allowing an attacker with local access to execute commands with SYSTEM privileges. Affected: Cisco Webex Meetings Desktop App for Windows and Cisco Webex Productivity Tools. Root c...
CVE-2019-1924
Cisco CVE-2019-1924 affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The issue stems from improper validation of ARF/WRF files, enabling remote code execution when a user opens a malicious ARF/WRF file delivered via link or email attachment. The exploit...
CVE-2021-1536
CVE-2021-1536 affects Cisco Webex products on Windows (Webex Meetings Desktop App, Webex Meetings Server, Webex Network Recording Player, and Webex Teams). The issue is a directory-path handling flaw that lets an authenticated, local attacker place a configuration file to cause loading of a malic...
CVE-2019-15284
Consolidated details confirm CVE-2019-15284 affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The root cause is insufficient validation of certain elements within ARF/WRF Webex recordings, enabling an attacker to execute arbitrary code on a targeted syst...
CVE-2019-1928
The CVE-2019-1928 entries describe multiple ARF/WRF parsing vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The root cause is improper validation of ARF/WRF files, which can be exploited by sending a malicious file via a link or email attach...
CVE-2019-1927
CVE-2019-1927 affects Cisco Webex Network Recording Player and Cisco Webex Player for Windows. Root cause: improper validation of ARF/WRF files, enabling arbitrary code execution when a user opens a malicious ARF/WRF file received via link or email attachment. Impact: code runs with the user’s pr...
CVE-2019-1929
The CVE-2019-1929 family covers multiple vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows. The root cause is improper validation of ARF/WRF files, enabling an attacker to execute arbitrary code on the target system. Exploitation requires a user to open a ...
CVE-2020-3127
Cisco WebEx Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2020-3127 and related CVEs due to improper validation in ARF/WRF file parsing. The root cause is an uninitialized pointer access during ARF/WRF processing, enabling remote code execution. An attacker can e...
CVE-2019-15285
Cisco CVE-2019-15285 covers multiple arbitrary-code-execution vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows. Root cause: insufficient validation of elements in Webex recordings stored as ARF/WRF, exploitable when a user opens a crafted ARF/WRF file del...
CVE-2020-3128
Cisco Webex Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2020-3128 due to insufficient validation of elements in ARF/WRF Webex recordings. An attacker could deliver a crafted ARF/WRF file via link or email and persuade a user to open it, risking arbitrary code e...
CVE-2021-1502
CVE-2021-1502 affects Cisco Webex Network Recording Player and Webex Player for Windows and macOS. Root cause: memory corruption due to insufficient validation of ARF/WRF recording files. Attackers can deliver a crafted ARF/WRF via a link or email attachment and persuade a user to open it, enabli...
CVE-2019-15286
CVE-2019-15286 covers multiple arbitrary code execution vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows caused by insufficient validation of Webex ARF/WRF recordings. An attacker could craft a malicious ARF/WRF file and persuade a user to open it, execut...
CVE-2019-1926
Cisco Webex Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2019-1926 due to improper validation of ARF/WRF files, enabling arbitrary code execution. The exploit involves sending a malicious ARF/WRF file via a link or email attachment and convincing the user to ope...
CVE-2019-1925
Cisco Webex Network Recording Player and Webex Player for Windows are affected by multiple issues caused by improper validation of ARF/WRF files, enabling arbitrary code execution when a user opens a crafted ARF/WRF file delivered via link or email attachment. The vulnerabilities stem from memory...
CVE-2019-1773
The CVE-2019-1773 issue affects the Cisco Webex Network Recording Player and the Cisco Webex Player for Windows. The vulnerability arises from improper validation of Advanced Recording Format (ARF) and Webex Recording Format (WRF) files, allowing an attacker to execute arbitrary code when a user ...
CVE-2020-3194
The CVE-2020-3194 issue affects Cisco Webex Network Recording Player and Cisco Webex Player on Windows. It arises from insufficient validation of elements within a Webex recording stored as ARF/WRF, allowing an unauthenticated attacker to craft a malicious file and coerce a user to open it, there...
CVE-2021-1517
CVE-2021-1517 concerns a vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Webex Meetings Server . The issue arises from unsafe handling of shared content within the multimedia viewer, enabling an authenticated, remote attacker to bypass security protections by sharing a ...
CVE-2019-15283
CVE-2019-15283 involves multiple arbitrary code execution vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows. The flaws arise from insufficient validation of elements within Webex recordings stored in ARF or WRF formats. An attacker could deliver a maliciou...
CVE-2019-15287
CVE-2019-15287 covers multiple arbitrary-code-execution vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The flaws arise from insufficient validation of elements within Webex recordings stored in ARF or WRF formats. An attacker could entice a...
CVE-2020-3412
The CVE-2020-3412 issue affects Cisco Webex Meetings: an authenticated, remote attacker could create a scheduled meeting template that belongs to another user due to insufficient authorization enforcement in the scheduled meeting template feature. Exploitation involves sending a crafted request t...
CVE-2021-1525
Cisco Webex Meetings and Webex Meetings Server are affected by CVE-2021-1525, an input-validation flaw in URL paths that allows an unauthenticated, remote attacker to redirect users to a remote (malicious) file. Exploitation requires convincing a user to follow a crafted URL, enabling the attacke...
CVE-2019-1771
CVE-2019-1771 affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The issue arises from improper validation of ARF/WRF files, enabling an attacker to execute arbitrary code when a user opens a malicious ARF/WRF file delivered via link or email attachment. ...
CVE-2018-0380
CVE-2018-0380 affects Cisco Webex Network Recording Player components for ARF and WRF files. The vulnerabilities allow an attacker to cause a crash/DoS by delivering a malicious .arf or .wrf file and convincing the user to open it, with exploitation described as a resource-management/DoS conditio...
CVE-2018-15436
The CVE-2018-15436 issue affects Cisco Webex Centers’ web-based management interfaces (Events Center, Meeting Center, Support Center, Training Center). A cross-site scripting (XSS) vulnerability arises from insufficient validation of user-supplied input, allowing an unauthenticated, remote attack...
CVE-2019-1637
The CVE-2019-1637 issue affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows, caused by improper validation of ARF/WRF files. A malicious ARF/WRF file delivered via link or email and opened by the user could allow arbitrary code execution on the affected sys...
CVE-2018-0287
CVE-2018-0287 affects Cisco WebEx Network Recording Player for ARF files. A design flaw could allow an unauthenticated, remote attacker to execute arbitrary code by convincing a user to open a malicious ARF file or follow a link (via email attachment or embedded link). Affected products include C...
CVE-2018-0379
Cisco WebEx Network Recording Player/Recorder and WebEx Recording Format (WRF) parsing vulnerabilities exist in ARF/WRF handling. Multiple issues (e.g., ARF/WRF parsing) can cause heap-based or integer overflow, leading to remote code execution when a user opens a malicious ARF/WRF file or views ...
CVE-2020-3463
Summary of CVE-2020-3463 (Cisco Webex Meetings) : A vulnerability in the web-based management interface allows an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack due to insufficient validation of user-supplied input. An attacker can lure a user to click a malicious...
CVE-2018-15410
Cisco Webex Network Recording Player and Cisco Webex Player for Windows are affected by a vulnerability where ARF/WRF file validation is faulty, allowing an attacker who persuades a user to open a malicious file to execute arbitrary code with the user’s privileges. Root cause cited across sources...
CVE-2018-15421
Cisco Webex Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2018-15421 due to improper validation of ARF/WRF files. An attacker can deliver a malicious ARF/WRF file via a link or email attachment and persuade a user to open it, potentially allowing arbitrary code e...
CVE-2018-15431
Cisco Webex Network Recording Player and Webex Player for Windows are affected by CVE-2018-15431. The vulnerability arises from improper validation of ARF/WRF files, allowing an attacker to execute arbitrary code on an affected system when a user opens a malicious ARF/WRF file delivered via a lin...
CVE-2018-0457
Cisco Webex Player (WRF) vulnerability CVE-2018-0457 involves a resource management error in handling Webex Recording Format files. An unauthenticated, remote attacker can cause a DoS by sending a malicious WRF file via a link or email attachment and convincing a user to open it, crashing the pla...
CVE-2018-15415
CVE-2018-15415 affects the Cisco Webex Network Recording Player and Cisco Webex Player for Windows. The issue stems from improper validation in ARF/WRF file parsing, allowing an attacker to execute arbitrary code on a vulnerable system. ZDI describes a remote code execution via a crafted ARF file...
CVE-2018-15422
Cisco Webex Network Recording Player (Windows) and Cisco Webex Player for Windows are affected by ARF/WRF file validation flaws that allow remote code execution when a user opens a malicious ARF/WRF file sent via link or email attachment. The root cause is improper validation of WebEx recording f...
CVE-2019-1772
CVE-2019-1772 affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. Root cause: improper validation of ARF/WRF files, enabling a crafted file to cause arbitrary code execution on the affected system when a user opens it. Exploit path: attacker emails or link...
CVE-2020-3413
The CVE-2020-3413 issue affects Cisco Webex Meetings, specifically the scheduled meeting template deletion feature. The root cause is insufficient authorization enforcement for requests to delete scheduled meeting templates, allowing an authenticated, remote attacker to delete a template belongin...
CVE-2018-0288
The CVE-2018-0288 issue concerns Cisco WebEx Recording Format (WRF) Player: a design flaw in processing WRF files can allow remote attackers to read memory outside the mapped file boundaries, enabling information disclosure. Affected products include Cisco WebEx Business Suite meeting sites, WebE...
CVE-2018-0422
Summary: CVE-2018-0422 affects Cisco Webex Meetings Client for Windows. The vulnerability stems from folder permissions that allow a user to read, write, and execute files in the Webex user directories, enabling an authenticated, local attacker to modify locally stored files and execute code with...
CVE-2018-15408
CVE-2018-15408 affects Cisco Webex Network Recording Player and Webex Player for Windows. The root cause is improper validation of ARF/WRF files, enabling arbitrary code execution when a user opens a crafted file received via link or email attachment. ZDI details indicate remote code execution wi...
CVE-2018-15414
Cisco Webex Network Recording Player (Windows) and Cisco Webex Player are affected by ARF/WRF file validation flaws that can lead to remote code execution when a user opens a malicious ARF/WRF file sent via link or email attachment. The root cause is improper validation of ARF/WRF files. Impact: ...
CVE-2019-1638
CVE-2019-1638 refers to multiple Cisco Webex-related RCE issues in the Windows players. The root cause is improper validation of ARF/WRF files in the Cisco Webex Network Recording Player and Webex Player for Windows, allowing arbitrary code execution when a user opens a crafted ARF/WRF file or vi...
CVE-2019-1640
Summary: CVE-2019-1640 affects Cisco Webex Network Recording Player and Webex Player for Windows. The issue is a buffer overflow caused by improper validation of ARF/WRF files, enabling an attacker to execute arbitrary code on a vulnerable system. Exploitation involves sending a user a malicious ...
CVE-2020-3472
CVE-2020-3472 affects Cisco Webex Meetings via the Contacts feature. An authenticated, legitimate user can exploit improper access controls on users added to a contact list to view other users’ details (names, email addresses) by sending specially crafted requests. Impact and affected behavior ar...
CVE-2018-15411
The CVE-2018-15411 issue affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The root cause is improper validation of ARF/WRF files, allowing arbitrary code execution when a user opens a malicious ARF/WRF file (via link or email attachment). Exploitation r...
CVE-2018-15413
Cisco Webex Network Recording Player and Cisco Webex Player for Windows are vulnerable to remote code execution due to improper validation of ARF/WRF files. An attacker can craft a malicious ARF/WRF file and entice a user to open it, potentially executing arbitrary code in the user’s process afte...
CVE-2019-1641
Cisco Webex Network Recording Player and Webex Player for Windows are affected by CVE-2019-1641. The issue stems from improper validation of ARF/WRF files, enabling arbitrary code execution when a user opens a malicious ARF/WRF file delivered via link or email attachment. Exploitation is describe...