136 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2021-1372
Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows are affected by a local information-disclosure vulnerability due to unsafe shared-memory usage. An authenticated, local attacker with access to system memory can exploit this by running a local app that reads shared memory,...
CVE-2020-3361
CVE-2020-3361 affects Cisco Webex Meetings and Webex Meetings Server. Description: an unauthenticated, remote attacker can bypass proper handling of authentication tokens to gain the privileges of another Webex user. The issue arises from improper handling of authentication tokens by vulnerable W...
CVE-2020-3441
Cisco Webex Meetings and Cisco Webex Meetings Server are affected by CVE-2020-3441, a information-disclosure vulnerability caused by insufficient protection of sensitive participant information. An unauthenticated, remote attacker could browse the Webex roster and obtain details such as email and...
CVE-2020-3573
Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows are affected by multiple ARF/WRF parsing vulnerabilities. The flaws stem from insufficient validation during ARF/WRF parsing and an uninitialized pointer, enabling arbitrary code execution when a user opens a mali...
CVE-2020-3345
Cisco Webex Meetings and Webex Meetings Server are affected by CVE-2020-3345, an HTML injection vulnerability rooted in improper parameter validation on web pages. An unauthenticated, remote attacker can entice a user to follow a crafted link that injects HTML into an affected parameter, enabling...
CVE-2017-3823
The CVE-2017-3823 issue affects Cisco WebEx browser extensions: Chrome WebEx Extension prior to 1.0.7, Firefox’s ActiveTouch General Plugin Container prior to 106, Internet Explorer’s GpcContainer ActiveX control prior to 10031.6.2017.0126, and Internet Explorer’s Download Manager ActiveX control...
CVE-2017-12293
CVE-2017-12293 affects Cisco WebEx Meetings Server. An unauthenticated, remote attacker can cause a DoS by opening multiple connections and exhausting resources. The root cause is insufficient limits on the number of concurrent connections. Impact: server reloads with a DoS condition. The availab...
CVE-2017-6753
Cisco WebEx browser extensions for Chrome/Firefox (pre-1.0.12) are vulnerable to remote code execution due to a design flaw in the atgpcext library, allowing an unauthenticated attacker to run arbitrary code with the privileges of the affected browser when a user visits a crafted page. Affected p...
CVE-2019-15987
CVE-2019-15987 affects Cisco Webex Centers suite (Webex Event Center, Meeting Center, Support Center, Training Center). Root cause: missing CAPTCHA on select URLs allows unauthenticated, remote attacker to enumerate usernames and potentially obtain real names. Impact is information disclosure (no...
CVE-2020-3116
Cisco Webex Centers vulnerability CVE-2020-3116: A flaw in how Webex/Cisco Webex Center applications process Universal Communications Format (UCF) files can allow a DoS when a user opens a malicious UCF file received via link or email. Root cause: insufficient validation of UCF media files. Impac...
CVE-2019-1924
Cisco CVE-2019-1924 affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The issue stems from improper validation of ARF/WRF files, enabling remote code execution when a user opens a malicious ARF/WRF file delivered via link or email attachment. The exploit...
CVE-2021-1536
CVE-2021-1536 affects Cisco Webex products on Windows (Webex Meetings Desktop App, Webex Meetings Server, Webex Network Recording Player, and Webex Teams). The issue is a directory-path handling flaw that lets an authenticated, local attacker place a configuration file to cause loading of a malic...
CVE-2019-15284
Consolidated details confirm CVE-2019-15284 affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The root cause is insufficient validation of certain elements within ARF/WRF Webex recordings, enabling an attacker to execute arbitrary code on a targeted syst...
CVE-2019-1928
The CVE-2019-1928 entries describe multiple ARF/WRF parsing vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The root cause is improper validation of ARF/WRF files, which can be exploited by sending a malicious file via a link or email attach...
CVE-2019-1927
CVE-2019-1927 affects Cisco Webex Network Recording Player and Cisco Webex Player for Windows. Root cause: improper validation of ARF/WRF files, enabling arbitrary code execution when a user opens a malicious ARF/WRF file received via link or email attachment. Impact: code runs with the user’s pr...
CVE-2019-1929
The CVE-2019-1929 family covers multiple vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows. The root cause is improper validation of ARF/WRF files, enabling an attacker to execute arbitrary code on the target system. Exploitation requires a user to open a ...
CVE-2017-12257
The CVE-2017-12257 issue is a Cross-Site Scripting (XSS) vulnerability in Cisco WebEx Meetings Server’s web framework caused by insufficient input validation on web parameters. An unauthenticated, remote attacker could lure a user to a malicious link or intercept and modify a request, potentially...
CVE-2020-3127
Cisco WebEx Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2020-3127 and related CVEs due to improper validation in ARF/WRF file parsing. The root cause is an uninitialized pointer access during ARF/WRF processing, enabling remote code execution. An attacker can e...
CVE-2019-15285
Cisco CVE-2019-15285 covers multiple arbitrary-code-execution vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows. Root cause: insufficient validation of elements in Webex recordings stored as ARF/WRF, exploitable when a user opens a crafted ARF/WRF file del...
CVE-2019-15286
CVE-2019-15286 covers multiple arbitrary code execution vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows caused by insufficient validation of Webex ARF/WRF recordings. An attacker could craft a malicious ARF/WRF file and persuade a user to open it, execut...
CVE-2020-3126
Cisco Webex Meetings Multimedia Viewer vulnerability (CVE-2020-3126) allows an authenticated, remote attacker with the host role to bypass security warnings when viewing shared multimedia. The root cause is missing warning dialog boxes that should appear before a file is displayed; a former room ...
CVE-2020-3128
Cisco Webex Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2020-3128 due to insufficient validation of elements in ARF/WRF Webex recordings. An attacker could deliver a crafted ARF/WRF file via link or email and persuade a user to open it, risking arbitrary code e...
CVE-2020-3471
CVE-2020-3471 affects Cisco Webex Meetings and Cisco Webex Meetings Server. The issue is a synchronization flaw between meeting and media services that can allow an unauthenticated, remote attacker to keep bidirectional audio after the attacker is expelled from a Webex session. Attackers could ex...
CVE-2021-1502
CVE-2021-1502 affects Cisco Webex Network Recording Player and Webex Player for Windows and macOS. Root cause: memory corruption due to insufficient validation of ARF/WRF recording files. Attackers can deliver a crafted ARF/WRF via a link or email attachment and persuade a user to open it, enabli...
CVE-2017-12296
CVE-2017-12296 affects Cisco WebEx Meetings Server (CWMS). The issue stems from insufficient input validation on parameters passed to the web server, enabling unauthenticated, remote attackers to trigger cross-site scripting (XSS). An attacker can lure a user to a malicious link or intercept a us...
CVE-2019-1926
Cisco Webex Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2019-1926 due to improper validation of ARF/WRF files, enabling arbitrary code execution. The exploit involves sending a malicious ARF/WRF file via a link or email attachment and convincing the user to ope...
CVE-2021-1503
CVE-2021-1503 (Cisco Webex Webex Player/Network Recording Player) : A memory corruption vulnerability caused by insufficient validation of values in Webex recording files formatted as ARF or WRF in Cisco Webex Network Recording Player (Windows/macOS) and Webex Player (Windows/macOS). An attacker ...
CVE-2020-3603
Cisco WebEx Network Recording Player for Windows and Cisco WebEx Player for Windows contain ARF/WRF parsing vulnerabilities that allow remote code execution. The issue stems from insufficient validation of elements within Webex recordings, enabling a malicious ARF/WRF file delivered via link or e...
CVE-2014-0691
CVE-2014-0691 affects Cisco WebEx Meetings Server prior to version 1.1. The vulnerability arises from meeting IDs with insufficient entropy, enabling remote attackers to bypass authentication and join arbitrary meetings without a password. Exploitation details are not provided beyond this descrip...
CVE-2019-1925
Cisco Webex Network Recording Player and Webex Player for Windows are affected by multiple issues caused by improper validation of ARF/WRF files, enabling arbitrary code execution when a user opens a crafted ARF/WRF file delivered via link or email attachment. The vulnerabilities stem from memory...
CVE-2019-1773
The CVE-2019-1773 issue affects the Cisco Webex Network Recording Player and the Cisco Webex Player for Windows. The vulnerability arises from improper validation of Advanced Recording Format (ARF) and Webex Recording Format (WRF) files, allowing an attacker to execute arbitrary code when a user ...
CVE-2020-3419
CVE-2020-3419 affects Cisco Webex Meetings and Cisco Webex Meetings Server. The root cause is improper handling of authentication tokens, allowing an unauthenticated, remote attacker to join a Webex meeting without appearing on the participant list. Exploitation requires access to join links and ...
CVE-2019-1868
CVE-2019-1868 affects Cisco Webex Meetings Server: the web-based management interface has improper access control to files, allowing an unauthenticated, remote attacker to access sensitive system information by sending a malicious request. Exploitation details are not publicly provided beyond thi...
CVE-2020-3194
The CVE-2020-3194 issue affects Cisco Webex Network Recording Player and Cisco Webex Player on Windows. It arises from insufficient validation of elements within a Webex recording stored as ARF/WRF, allowing an unauthenticated attacker to craft a malicious file and coerce a user to open it, there...
CVE-2021-1517
CVE-2021-1517 concerns a vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Webex Meetings Server . The issue arises from unsafe handling of shared content within the multimedia viewer, enabling an authenticated, remote attacker to bypass security protections by sharing a ...
CVE-2019-15283
CVE-2019-15283 involves multiple arbitrary code execution vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows. The flaws arise from insufficient validation of elements within Webex recordings stored in ARF or WRF formats. An attacker could deliver a maliciou...
CVE-2017-12295
Cisco WebEx Meetings Server is affected by an information-disclosure vulnerability (CVE-2017-12295) where the HTTP header replies can reveal internal network data to unauthenticated remote attackers. The root cause is exposure of sensitive information in HTTP responses, enabling reconnaissance. T...
CVE-2019-15287
CVE-2019-15287 covers multiple arbitrary-code-execution vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The flaws arise from insufficient validation of elements within Webex recordings stored in ARF or WRF formats. An attacker could entice a...
CVE-2017-3797
CVE-2017-3797 affects Cisco WebEx Meetings Server. An unauthenticated remote attacker could view the fully qualified domain name of the Cisco WebEx administration server due to insufficient masking in HTTP responses. Cisco’s advisory confirms that updates exist to address this information-disclos...
CVE-2019-1954
Cisco Webex Meetings Server Open Redirect (CVE-2019-1954) is due to improper input validation of URL parameters in the web-based management interface. An unauthenticated, remote attacker could craft an HTTP request to cause the application to redirect a user to a malicious URL. Cisco’s advisory s...
CVE-2017-12372
CVE-2017-12372 is a Cisco WebEx Network Recording Player remote code execution vulnerability in ARF/WRF playback. The flaw allows a remote attacker to cause the affected WebEx players to crash and, in the worst case, execute arbitrary code on the user’s system when a malicious ARF or WRF file is ...
CVE-2021-1311
CVE-2021-1311 affects Cisco Webex Meetings and Cisco Webex Meetings Server, specifically the reclaim host role feature. The root cause is a lack of protection against brute-forcing of the host key, enabling an authenticated, remote attacker to take over the host role during a meeting. An attacker...
CVE-2017-3795
CVE-2017-3795 affects Cisco WebEx Meetings Server; authenticated, remote attackers could perform arbitrary password changes for non-administrative users due to insufficient parameter security. Affected release: 2.6; fixed in 2.7.1.12. Cisco advisory cisco-sa-20170118-wms1 documents the issue and ...
CVE-2018-0104
The CVE-2018-0104 issue concerns Cisco WebEx Network Recording Player for ARF files. A remote attacker can trigger arbitrary code execution by sending a user a link or email attachment containing a malicious ARF file and convincing them to open it. Affected products include Cisco WebEx Business S...
CVE-2018-0109
CVE-2018-0109 affects Cisco WebEx Meetings Server (CWMS). The vulnerability is an information-disclosure flaw that could allow an authenticated attacker with root privileges to view sensitive data and shared secrets by accessing the root account. Consequences: potential exposure of application de...
CVE-2018-0111
CVE-2018-0111 concerns Cisco WebEx Meetings Server and is described in multiple sources as an information-disclosure vulnerability that could allow an unauthenticated, remote attacker to access sensitive data about the application. The root cause is a design flaw that could expose internal networ...
CVE-2021-1525
Cisco Webex Meetings and Webex Meetings Server are affected by CVE-2021-1525, an input-validation flaw in URL paths that allows an unauthenticated, remote attacker to redirect users to a remote (malicious) file. Exploitation requires convincing a user to follow a crafted URL, enabling the attacke...
CVE-2015-0589
The CVE-2015-0589 issue affects Cisco WebEx Meetings Server (versions 1.0–1.5). The root cause is improper user input validation in the administrative web interface, allowing an authenticated, remote attacker to inject commands and execute arbitrary OS commands with root privileges via unspecifie...
CVE-2017-12359
Converging sources confirm CVE-2017-12359 is a buffer overflow in the Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files. The vulnerability allows an attacker to achieve arbitrary code execution on a target system by convincing a user to open a malicious .arf file del...