41 matches found
CVE-2020-3142
CVE-2020-3142 affects Cisco Webex Meetings Suite sites and Webex Meetings Online sites via an unauthenticated join flow in mobile Webex apps. An attacker could join a password-protected meeting by using a known meeting ID/URL from a mobile browser, without providing the meeting password; the atte...
CVE-2019-1924
Cisco CVE-2019-1924 affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The issue stems from improper validation of ARF/WRF files, enabling remote code execution when a user opens a malicious ARF/WRF file delivered via link or email attachment. The exploit...
CVE-2019-1928
The CVE-2019-1928 entries describe multiple ARF/WRF parsing vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The root cause is improper validation of ARF/WRF files, which can be exploited by sending a malicious file via a link or email attach...
CVE-2019-15284
Consolidated details confirm CVE-2019-15284 affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The root cause is insufficient validation of certain elements within ARF/WRF Webex recordings, enabling an attacker to execute arbitrary code on a targeted syst...
CVE-2019-1927
CVE-2019-1927 affects Cisco Webex Network Recording Player and Cisco Webex Player for Windows. Root cause: improper validation of ARF/WRF files, enabling arbitrary code execution when a user opens a malicious ARF/WRF file received via link or email attachment. Impact: code runs with the user’s pr...
CVE-2019-1929
The CVE-2019-1929 family covers multiple vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows. The root cause is improper validation of ARF/WRF files, enabling an attacker to execute arbitrary code on the target system. Exploitation requires a user to open a ...
CVE-2020-3127
Cisco WebEx Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2020-3127 and related CVEs due to improper validation in ARF/WRF file parsing. The root cause is an uninitialized pointer access during ARF/WRF processing, enabling remote code execution. An attacker can e...
CVE-2019-15285
Cisco CVE-2019-15285 covers multiple arbitrary-code-execution vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows. Root cause: insufficient validation of elements in Webex recordings stored as ARF/WRF, exploitable when a user opens a crafted ARF/WRF file del...
CVE-2019-15286
CVE-2019-15286 covers multiple arbitrary code execution vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows caused by insufficient validation of Webex ARF/WRF recordings. An attacker could craft a malicious ARF/WRF file and persuade a user to open it, execut...
CVE-2020-3128
Cisco Webex Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2020-3128 due to insufficient validation of elements in ARF/WRF Webex recordings. An attacker could deliver a crafted ARF/WRF file via link or email and persuade a user to open it, risking arbitrary code e...
CVE-2019-1926
Cisco Webex Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2019-1926 due to improper validation of ARF/WRF files, enabling arbitrary code execution. The exploit involves sending a malicious ARF/WRF file via a link or email attachment and convincing the user to ope...
CVE-2019-1925
Cisco Webex Network Recording Player and Webex Player for Windows are affected by multiple issues caused by improper validation of ARF/WRF files, enabling arbitrary code execution when a user opens a crafted ARF/WRF file delivered via link or email attachment. The vulnerabilities stem from memory...
CVE-2019-1773
The CVE-2019-1773 issue affects the Cisco Webex Network Recording Player and the Cisco Webex Player for Windows. The vulnerability arises from improper validation of Advanced Recording Format (ARF) and Webex Recording Format (WRF) files, allowing an attacker to execute arbitrary code when a user ...
CVE-2019-15283
CVE-2019-15283 involves multiple arbitrary code execution vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows. The flaws arise from insufficient validation of elements within Webex recordings stored in ARF or WRF formats. An attacker could deliver a maliciou...
CVE-2020-3194
The CVE-2020-3194 issue affects Cisco Webex Network Recording Player and Cisco Webex Player on Windows. It arises from insufficient validation of elements within a Webex recording stored as ARF/WRF, allowing an unauthenticated attacker to craft a malicious file and coerce a user to open it, there...
CVE-2019-15287
CVE-2019-15287 covers multiple arbitrary-code-execution vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The flaws arise from insufficient validation of elements within Webex recordings stored in ARF or WRF formats. An attacker could entice a...
CVE-2020-3412
The CVE-2020-3412 issue affects Cisco Webex Meetings: an authenticated, remote attacker could create a scheduled meeting template that belongs to another user due to insufficient authorization enforcement in the scheduled meeting template feature. Exploitation involves sending a crafted request t...
CVE-2019-1771
CVE-2019-1771 affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The issue arises from improper validation of ARF/WRF files, enabling an attacker to execute arbitrary code when a user opens a malicious ARF/WRF file delivered via link or email attachment. ...
CVE-2018-0379
Cisco WebEx Network Recording Player/Recorder and WebEx Recording Format (WRF) parsing vulnerabilities exist in ARF/WRF handling. Multiple issues (e.g., ARF/WRF parsing) can cause heap-based or integer overflow, leading to remote code execution when a user opens a malicious ARF/WRF file or views ...
CVE-2020-3463
Summary of CVE-2020-3463 (Cisco Webex Meetings) : A vulnerability in the web-based management interface allows an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack due to insufficient validation of user-supplied input. An attacker can lure a user to click a malicious...
CVE-2018-15410
Cisco Webex Network Recording Player and Cisco Webex Player for Windows are affected by a vulnerability where ARF/WRF file validation is faulty, allowing an attacker who persuades a user to open a malicious file to execute arbitrary code with the user’s privileges. Root cause cited across sources...
CVE-2018-15421
Cisco Webex Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2018-15421 due to improper validation of ARF/WRF files. An attacker can deliver a malicious ARF/WRF file via a link or email attachment and persuade a user to open it, potentially allowing arbitrary code e...
CVE-2018-15431
Cisco Webex Network Recording Player and Webex Player for Windows are affected by CVE-2018-15431. The vulnerability arises from improper validation of ARF/WRF files, allowing an attacker to execute arbitrary code on an affected system when a user opens a malicious ARF/WRF file delivered via a lin...
CVE-2018-15415
CVE-2018-15415 affects the Cisco Webex Network Recording Player and Cisco Webex Player for Windows. The issue stems from improper validation in ARF/WRF file parsing, allowing an attacker to execute arbitrary code on a vulnerable system. ZDI describes a remote code execution via a crafted ARF file...
CVE-2018-15422
Cisco Webex Network Recording Player (Windows) and Cisco Webex Player for Windows are affected by ARF/WRF file validation flaws that allow remote code execution when a user opens a malicious ARF/WRF file sent via link or email attachment. The root cause is improper validation of WebEx recording f...
CVE-2018-0422
Summary: CVE-2018-0422 affects Cisco Webex Meetings Client for Windows. The vulnerability stems from folder permissions that allow a user to read, write, and execute files in the Webex user directories, enabling an authenticated, local attacker to modify locally stored files and execute code with...
CVE-2020-3413
The CVE-2020-3413 issue affects Cisco Webex Meetings, specifically the scheduled meeting template deletion feature. The root cause is insufficient authorization enforcement for requests to delete scheduled meeting templates, allowing an authenticated, remote attacker to delete a template belongin...
CVE-2019-1772
CVE-2019-1772 affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. Root cause: improper validation of ARF/WRF files, enabling a crafted file to cause arbitrary code execution on the affected system when a user opens it. Exploit path: attacker emails or link...
CVE-2018-15408
CVE-2018-15408 affects Cisco Webex Network Recording Player and Webex Player for Windows. The root cause is improper validation of ARF/WRF files, enabling arbitrary code execution when a user opens a crafted file received via link or email attachment. ZDI details indicate remote code execution wi...
CVE-2020-3472
CVE-2020-3472 affects Cisco Webex Meetings via the Contacts feature. An authenticated, legitimate user can exploit improper access controls on users added to a contact list to view other users’ details (names, email addresses) by sending specially crafted requests. Impact and affected behavior ar...
CVE-2018-15414
Cisco Webex Network Recording Player (Windows) and Cisco Webex Player are affected by ARF/WRF file validation flaws that can lead to remote code execution when a user opens a malicious ARF/WRF file sent via link or email attachment. The root cause is improper validation of ARF/WRF files. Impact: ...
CVE-2019-1680
The CVE-2019-1680 issue affects Cisco Webex Business Suite pre-3.0.9 where improper input validation allows an unauthenticated, remote attacker to inject arbitrary text into a user’s browser via a malicious URL, enabling content injection and potential spoofing. Connected sources corroborate the ...
CVE-2018-15411
The CVE-2018-15411 issue affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The root cause is improper validation of ARF/WRF files, allowing arbitrary code execution when a user opens a malicious ARF/WRF file (via link or email attachment). Exploitation r...
CVE-2018-15413
Cisco Webex Network Recording Player and Cisco Webex Player for Windows are vulnerable to remote code execution due to improper validation of ARF/WRF files. An attacker can craft a malicious ARF/WRF file and entice a user to open it, potentially executing arbitrary code in the user’s process afte...
CVE-2018-15412
CVE-2018-15412 affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The issue arises from improper validation of ARF/WRF files, enabling an attacker to execute arbitrary code by delivering a malicious ARF/WRF file via link or email and convincing a user to ...
CVE-2018-15418
CVE-2018-15418 affects Cisco Webex Network Recording Player and Webex Player for Windows. The root cause is improper validation of ARF/WRF files, enabling remote code execution when a user opens a malicious ARF/WRF file delivered via link or email attachment. Impact is arbitrary code execution wi...
CVE-2018-15416
CVE-2018-15416 affects Cisco Webex Network Recording Player and Cisco Webex Player for Windows. The root cause is improper validation of ARF/WRF files, enabling a crafted file to trigger arbitrary code execution when a user opens it with the affected software. Attacks require user interaction (ph...
CVE-2018-15417
Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows are affected by a vulnerability where ARF/WRF file validation is improper, enabling arbitrary code execution when a user opens a malicious ARF/WRF file sent via link or attachment. The flaw allows remote code exec...
CVE-2018-15419
The CVE-2018-15419 issue affects Cisco Webex Network Recording Player and Cisco Webex Player for Windows. The root cause is improper validation of ARF and WRF files, enabling remote code execution when a user opens a malicious ARF/WRF file delivered via a link or email attachment. Impact is arbit...
CVE-2018-15409
Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows are affected by a vulnerability in ARF/WRF file processing that could allow remote code execution. The root cause is improper validation of ARF/WRF data, enabling an attacker to craft a malicious file or link sent...
CVE-2018-15420
Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows are affected by CVE-2018-15420. The root cause is improper validation of ARF/WRF files, enabling an attacker to execute arbitrary code when a user opens a malicious ARF/WRF file delivered via link or email attachm...