Lucene search
K
CiscoWebex Meetings Server

136 matches found

CVE
CVE
added 2021/12/10 12:0 a.m.6788 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2021/02/17 4:55 p.m.1880 views

CVE-2021-1372

Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows are affected by a local information-disclosure vulnerability due to unsafe shared-memory usage. An authenticated, local attacker with access to system memory can exploit this by running a local app that reads shared memory,...

5.5CVSS5.3AI score0.0041EPSS
CVE
CVE
added 2020/06/18 2:17 a.m.1305 views

CVE-2020-3361

CVE-2020-3361 affects Cisco Webex Meetings and Webex Meetings Server. Description: an unauthenticated, remote attacker can bypass proper handling of authentication tokens to gain the privileges of another Webex user. The issue arises from improper handling of authentication tokens by vulnerable W...

9.8CVSS9.2AI score0.02364EPSS
CVE
CVE
added 2020/11/18 5:41 p.m.905 views

CVE-2020-3441

Cisco Webex Meetings and Cisco Webex Meetings Server are affected by CVE-2020-3441, a information-disclosure vulnerability caused by insufficient protection of sensitive participant information. An unauthenticated, remote attacker could browse the Webex roster and obtain details such as email and...

5.3CVSS5.1AI score0.01546EPSS
CVE
CVE
added 2020/11/06 6:16 p.m.790 views

CVE-2020-3573

Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows are affected by multiple ARF/WRF parsing vulnerabilities. The flaws stem from insufficient validation during ARF/WRF parsing and an uninitialized pointer, enabling arbitrary code execution when a user opens a mali...

9.3CVSS7.9AI score0.02634EPSS
CVE
CVE
added 2020/07/16 5:21 p.m.531 views

CVE-2020-3345

Cisco Webex Meetings and Webex Meetings Server are affected by CVE-2020-3345, an HTML injection vulnerability rooted in improper parameter validation on web pages. An unauthenticated, remote attacker can entice a user to follow a crafted link that injects HTML into an affected parameter, enabling...

4.3CVSS4.5AI score0.01212EPSS
CVE
CVE
added 2017/02/01 11:0 a.m.160 views

CVE-2017-3823

The CVE-2017-3823 issue affects Cisco WebEx browser extensions: Chrome WebEx Extension prior to 1.0.7, Firefox’s ActiveTouch General Plugin Container prior to 106, Internet Explorer’s GpcContainer ActiveX control prior to 10031.6.2017.0126, and Internet Explorer’s Download Manager ActiveX control...

9.3CVSS8.8AI score0.27231EPSS
Web
CVE
CVE
added 2017/10/19 8:0 a.m.109 views

CVE-2017-12293

CVE-2017-12293 affects Cisco WebEx Meetings Server. An unauthenticated, remote attacker can cause a DoS by opening multiple connections and exhausting resources. The root cause is insufficient limits on the number of concurrent connections. Impact: server reloads with a DoS condition. The availab...

8.6CVSS8.3AI score0.02297EPSS
CVE
CVE
added 2017/07/25 7:0 p.m.102 views

CVE-2017-6753

Cisco WebEx browser extensions for Chrome/Firefox (pre-1.0.12) are vulnerable to remote code execution due to a design flaw in the atgpcext library, allowing an unauthenticated attacker to run arbitrary code with the privileges of the affected browser when a user visits a crafted page. Affected p...

9.3CVSS8.6AI score0.05951EPSS
CVE
CVE
added 2019/11/26 3:42 a.m.99 views

CVE-2019-15987

CVE-2019-15987 affects Cisco Webex Centers suite (Webex Event Center, Meeting Center, Support Center, Training Center). Root cause: missing CAPTCHA on select URLs allows unauthenticated, remote attacker to enumerate usernames and potentially obtain real names. Impact is information disclosure (no...

5.3CVSS5.2AI score0.01581EPSS
CVE
CVE
added 2020/09/23 12:25 a.m.99 views

CVE-2020-3116

Cisco Webex Centers vulnerability CVE-2020-3116: A flaw in how Webex/Cisco Webex Center applications process Universal Communications Format (UCF) files can allow a DoS when a user opens a malicious UCF file received via link or email. Root cause: insufficient validation of UCF media files. Impac...

5.5CVSS5.3AI score0.00664EPSS
CVE
CVE
added 2019/08/07 9:10 p.m.96 views

CVE-2019-1924

Cisco CVE-2019-1924 affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The issue stems from improper validation of ARF/WRF files, enabling remote code execution when a user opens a malicious ARF/WRF file delivered via link or email attachment. The exploit...

9.3CVSS7.9AI score0.01465EPSS
CVE
CVE
added 2021/06/04 4:45 p.m.95 views

CVE-2021-1536

CVE-2021-1536 affects Cisco Webex products on Windows (Webex Meetings Desktop App, Webex Meetings Server, Webex Network Recording Player, and Webex Teams). The issue is a directory-path handling flaw that lets an authenticated, local attacker place a configuration file to cause loading of a malic...

7.8CVSS6.8AI score0.00326EPSS
CVE
CVE
added 2019/11/26 3:12 a.m.92 views

CVE-2019-15284

Consolidated details confirm CVE-2019-15284 affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The root cause is insufficient validation of certain elements within ARF/WRF Webex recordings, enabling an attacker to execute arbitrary code on a targeted syst...

9.3CVSS7.8AI score0.01404EPSS
CVE
CVE
added 2019/08/07 9:20 p.m.92 views

CVE-2019-1928

The CVE-2019-1928 entries describe multiple ARF/WRF parsing vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The root cause is improper validation of ARF/WRF files, which can be exploited by sending a malicious file via a link or email attach...

9.3CVSS7.9AI score0.01452EPSS
CVE
CVE
added 2019/08/07 9:15 p.m.88 views

CVE-2019-1927

CVE-2019-1927 affects Cisco Webex Network Recording Player and Cisco Webex Player for Windows. Root cause: improper validation of ARF/WRF files, enabling arbitrary code execution when a user opens a malicious ARF/WRF file received via link or email attachment. Impact: code runs with the user’s pr...

9.3CVSS8AI score0.01465EPSS
CVE
CVE
added 2019/08/07 9:20 p.m.88 views

CVE-2019-1929

The CVE-2019-1929 family covers multiple vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows. The root cause is improper validation of ARF/WRF files, enabling an attacker to execute arbitrary code on the target system. Exploitation requires a user to open a ...

9.3CVSS7.9AI score0.01452EPSS
CVE
CVE
added 2017/10/05 7:0 a.m.86 views

CVE-2017-12257

The CVE-2017-12257 issue is a Cross-Site Scripting (XSS) vulnerability in Cisco WebEx Meetings Server’s web framework caused by insufficient input validation on web parameters. An unauthenticated, remote attacker could lure a user to a malicious link or intercept and modify a request, potentially...

6.1CVSS6AI score0.00868EPSS
CVE
CVE
added 2020/03/04 6:40 p.m.86 views

CVE-2020-3127

Cisco WebEx Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2020-3127 and related CVEs due to improper validation in ARF/WRF file parsing. The root cause is an uninitialized pointer access during ARF/WRF processing, enabling remote code execution. An attacker can e...

9.3CVSS7.8AI score0.02256EPSS
CVE
CVE
added 2020/09/23 12:35 a.m.85 views

CVE-2019-15285

Cisco CVE-2019-15285 covers multiple arbitrary-code-execution vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows. Root cause: insufficient validation of elements in Webex recordings stored as ARF/WRF, exploitable when a user opens a crafted ARF/WRF file del...

9.3CVSS7.8AI score0.01715EPSS
CVE
CVE
added 2017/10/19 8:0 a.m.83 views

CVE-2017-12296

CVE-2017-12296 affects Cisco WebEx Meetings Server (CWMS). The issue stems from insufficient input validation on parameters passed to the web server, enabling unauthenticated, remote attackers to trigger cross-site scripting (XSS). An attacker can lure a user to a malicious link or intercept a us...

6.1CVSS6AI score0.0122EPSS
CVE
CVE
added 2019/11/26 3:11 a.m.83 views

CVE-2019-15286

CVE-2019-15286 covers multiple arbitrary code execution vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows caused by insufficient validation of Webex ARF/WRF recordings. An attacker could craft a malicious ARF/WRF file and persuade a user to open it, execut...

9.3CVSS7.8AI score0.01404EPSS
CVE
CVE
added 2020/04/13 4:40 p.m.82 views

CVE-2020-3126

Cisco Webex Meetings Multimedia Viewer vulnerability (CVE-2020-3126) allows an authenticated, remote attacker with the host role to bypass security warnings when viewing shared multimedia. The root cause is missing warning dialog boxes that should appear before a file is displayed; a former room ...

3.5CVSS3.9AI score0.00863EPSS
CVE
CVE
added 2020/03/04 6:40 p.m.82 views

CVE-2020-3128

Cisco Webex Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2020-3128 due to insufficient validation of elements in ARF/WRF Webex recordings. An attacker could deliver a crafted ARF/WRF file via link or email and persuade a user to open it, risking arbitrary code e...

9.3CVSS7.8AI score0.01893EPSS
CVE
CVE
added 2020/11/18 5:41 p.m.82 views

CVE-2020-3471

CVE-2020-3471 affects Cisco Webex Meetings and Cisco Webex Meetings Server. The issue is a synchronization flaw between meeting and media services that can allow an unauthenticated, remote attacker to keep bidirectional audio after the attacker is expelled from a Webex session. Attackers could ex...

6.5CVSS6.5AI score0.01734EPSS
CVE
CVE
added 2021/06/04 4:45 p.m.82 views

CVE-2021-1502

CVE-2021-1502 affects Cisco Webex Network Recording Player and Webex Player for Windows and macOS. Root cause: memory corruption due to insufficient validation of ARF/WRF recording files. Attackers can deliver a crafted ARF/WRF via a link or email attachment and persuade a user to open it, enabli...

7.8CVSS7.8AI score0.01081EPSS
CVE
CVE
added 2019/08/07 9:15 p.m.81 views

CVE-2019-1926

Cisco Webex Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2019-1926 due to improper validation of ARF/WRF files, enabling arbitrary code execution. The exploit involves sending a malicious ARF/WRF file via a link or email attachment and convincing the user to ope...

9.3CVSS7.9AI score0.01508EPSS
CVE
CVE
added 2021/06/04 4:45 p.m.81 views

CVE-2021-1503

CVE-2021-1503 (Cisco Webex Webex Player/Network Recording Player) : A memory corruption vulnerability caused by insufficient validation of values in Webex recording files formatted as ARF or WRF in Cisco Webex Network Recording Player (Windows/macOS) and Webex Player (Windows/macOS). An attacker ...

7.8CVSS7.8AI score0.01024EPSS
CVE
CVE
added 2020/11/06 6:17 p.m.80 views

CVE-2020-3603

Cisco WebEx Network Recording Player for Windows and Cisco WebEx Player for Windows contain ARF/WRF parsing vulnerabilities that allow remote code execution. The issue stems from insufficient validation of elements within Webex recordings, enabling a malicious ARF/WRF file delivered via link or e...

9.3CVSS7.9AI score0.02506EPSS
CVE
CVE
added 2017/10/24 2:0 p.m.75 views

CVE-2014-0691

CVE-2014-0691 affects Cisco WebEx Meetings Server prior to version 1.1. The vulnerability arises from meeting IDs with insufficient entropy, enabling remote attackers to bypass authentication and join arbitrary meetings without a password. Exploitation details are not provided beyond this descrip...

7.3CVSS7.3AI score0.0102EPSS
CVE
CVE
added 2019/08/07 9:10 p.m.75 views

CVE-2019-1925

Cisco Webex Network Recording Player and Webex Player for Windows are affected by multiple issues caused by improper validation of ARF/WRF files, enabling arbitrary code execution when a user opens a crafted ARF/WRF file delivered via link or email attachment. The vulnerabilities stem from memory...

9.3CVSS7.9AI score0.01452EPSS
CVE
CVE
added 2019/05/15 7:25 p.m.74 views

CVE-2019-1773

The CVE-2019-1773 issue affects the Cisco Webex Network Recording Player and the Cisco Webex Player for Windows. The vulnerability arises from improper validation of Advanced Recording Format (ARF) and Webex Recording Format (WRF) files, allowing an attacker to execute arbitrary code when a user ...

9.3CVSS7.6AI score0.01713EPSS
CVE
CVE
added 2020/11/18 5:41 p.m.74 views

CVE-2020-3419

CVE-2020-3419 affects Cisco Webex Meetings and Cisco Webex Meetings Server. The root cause is improper handling of authentication tokens, allowing an unauthenticated, remote attacker to join a Webex meeting without appearing on the participant list. Exploitation requires access to join links and ...

9.1CVSS7.2AI score0.01744EPSS
CVE
CVE
added 2019/06/05 4:25 p.m.73 views

CVE-2019-1868

CVE-2019-1868 affects Cisco Webex Meetings Server: the web-based management interface has improper access control to files, allowing an unauthenticated, remote attacker to access sensitive system information by sending a malicious request. Exploitation details are not publicly provided beyond thi...

7.5CVSS6AI score0.02076EPSS
CVE
CVE
added 2020/04/15 8:10 p.m.71 views

CVE-2020-3194

The CVE-2020-3194 issue affects Cisco Webex Network Recording Player and Cisco Webex Player on Windows. It arises from insufficient validation of elements within a Webex recording stored as ARF/WRF, allowing an unauthenticated attacker to craft a malicious file and coerce a user to open it, there...

9.3CVSS7.7AI score0.01907EPSS
CVE
CVE
added 2021/06/04 4:45 p.m.71 views

CVE-2021-1517

CVE-2021-1517 concerns a vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Webex Meetings Server . The issue arises from unsafe handling of shared content within the multimedia viewer, enabling an authenticated, remote attacker to bypass security protections by sharing a ...

5CVSS4.7AI score0.00825EPSS
CVE
CVE
added 2020/09/23 12:35 a.m.70 views

CVE-2019-15283

CVE-2019-15283 involves multiple arbitrary code execution vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows. The flaws arise from insufficient validation of elements within Webex recordings stored in ARF or WRF formats. An attacker could deliver a maliciou...

9.3CVSS7.8AI score0.01715EPSS
CVE
CVE
added 2017/11/02 4:0 p.m.69 views

CVE-2017-12295

Cisco WebEx Meetings Server is affected by an information-disclosure vulnerability (CVE-2017-12295) where the HTTP header replies can reveal internal network data to unauthenticated remote attackers. The root cause is exposure of sensitive information in HTTP responses, enabling reconnaissance. T...

5.3CVSS5.4AI score0.01702EPSS
CVE
CVE
added 2020/09/23 12:35 a.m.69 views

CVE-2019-15287

CVE-2019-15287 covers multiple arbitrary-code-execution vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The flaws arise from insufficient validation of elements within Webex recordings stored in ARF or WRF formats. An attacker could entice a...

9.3CVSS7.8AI score0.01715EPSS
CVE
CVE
added 2017/01/26 7:45 a.m.66 views

CVE-2017-3797

CVE-2017-3797 affects Cisco WebEx Meetings Server. An unauthenticated remote attacker could view the fully qualified domain name of the Cisco WebEx administration server due to insufficient masking in HTTP responses. Cisco’s advisory confirms that updates exist to address this information-disclos...

5.3CVSS5.2AI score0.01584EPSS
CVE
CVE
added 2019/08/08 7:30 a.m.66 views

CVE-2019-1954

Cisco Webex Meetings Server Open Redirect (CVE-2019-1954) is due to improper input validation of URL parameters in the web-based management interface. An unauthenticated, remote attacker could craft an HTTP request to cause the application to redirect a user to a malicious URL. Cisco’s advisory s...

6.1CVSS5.5AI score0.01069EPSS
CVE
CVE
added 2017/11/30 9:0 a.m.65 views

CVE-2017-12372

CVE-2017-12372 is a Cisco WebEx Network Recording Player remote code execution vulnerability in ARF/WRF playback. The flaw allows a remote attacker to cause the affected WebEx players to crash and, in the worst case, execute arbitrary code on the user’s system when a malicious ARF or WRF file is ...

9.6CVSS9.6AI score0.0298EPSS
CVE
CVE
added 2018/01/18 6:0 a.m.65 views

CVE-2018-0109

CVE-2018-0109 affects Cisco WebEx Meetings Server (CWMS). The vulnerability is an information-disclosure flaw that could allow an authenticated attacker with root privileges to view sensitive data and shared secrets by accessing the root account. Consequences: potential exposure of application de...

4CVSS3.7AI score0.01218EPSS
CVE
CVE
added 2021/01/13 9:46 p.m.65 views

CVE-2021-1311

CVE-2021-1311 affects Cisco Webex Meetings and Cisco Webex Meetings Server, specifically the reclaim host role feature. The root cause is a lack of protection against brute-forcing of the host key, enabling an authenticated, remote attacker to take over the host role during a meeting. An attacker...

5.5CVSS5.4AI score0.01263EPSS
CVE
CVE
added 2017/01/26 7:45 a.m.64 views

CVE-2017-3795

CVE-2017-3795 affects Cisco WebEx Meetings Server; authenticated, remote attackers could perform arbitrary password changes for non-administrative users due to insufficient parameter security. Affected release: 2.6; fixed in 2.7.1.12. Cisco advisory cisco-sa-20170118-wms1 documents the issue and ...

6.5CVSS5.6AI score0.01313EPSS
CVE
CVE
added 2018/01/04 6:0 a.m.64 views

CVE-2018-0104

The CVE-2018-0104 issue concerns Cisco WebEx Network Recording Player for ARF files. A remote attacker can trigger arbitrary code execution by sending a user a link or email attachment containing a malicious ARF file and convincing them to open it. Affected products include Cisco WebEx Business S...

9.6CVSS9.4AI score0.03774EPSS
CVE
CVE
added 2018/01/18 6:0 a.m.64 views

CVE-2018-0111

CVE-2018-0111 concerns Cisco WebEx Meetings Server and is described in multiple sources as an information-disclosure vulnerability that could allow an unauthenticated, remote attacker to access sensitive data about the application. The root cause is a design flaw that could expose internal networ...

5.3CVSS5.3AI score0.01723EPSS
CVE
CVE
added 2021/06/04 4:45 p.m.64 views

CVE-2021-1525

Cisco Webex Meetings and Webex Meetings Server are affected by CVE-2021-1525, an input-validation flaw in URL paths that allows an unauthenticated, remote attacker to redirect users to a remote (malicious) file. Exploitation requires convincing a user to follow a crafted URL, enabling the attacke...

6.1CVSS5.1AI score0.00783EPSS
CVE
CVE
added 2015/02/07 3:0 p.m.62 views

CVE-2015-0589

The CVE-2015-0589 issue affects Cisco WebEx Meetings Server (versions 1.0–1.5). The root cause is improper user input validation in the administrative web interface, allowing an authenticated, remote attacker to inject commands and execute arbitrary OS commands with root privileges via unspecifie...

9CVSS7.5AI score0.03439EPSS
CVE
CVE
added 2017/11/30 9:0 a.m.62 views

CVE-2017-12359

Converging sources confirm CVE-2017-12359 is a buffer overflow in the Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files. The vulnerability allows an attacker to achieve arbitrary code execution on a target system by convincing a user to open a malicious .arf file del...

6.5CVSS7AI score0.01674EPSS
Total number of security vulnerabilities136