24 matches found
CVE-2021-1467
CVE-2021-1467 affects Cisco Webex Meetings for Android. The issue stems from improper authorization checks, allowing an authenticated remote actor in the same meeting to modify another user’s avatar by sending a crafted request to the targeted Webex client. Impact is limited to avatar modificatio...
CVE-2021-1372
Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows are affected by a local information-disclosure vulnerability due to unsafe shared-memory usage. An authenticated, local attacker with access to system memory can exploit this by running a local app that reads shared memory,...
CVE-2020-3588
CVE-2020-3588 affects Cisco Webex Meetings Desktop App for Windows in virtual desktop environments. The root cause is improper validation of messages processed by the virtualization channel interface, allowing a local attacker with limited privileges to execute arbitrary code with the user’s priv...
CVE-2020-3541
CVE-2020-3541 affects Cisco Webex on Windows (Webex Meetings Client/Desktop App/Teams). The root cause is unsafe logging of authentication requests, allowing an authenticated, local attacker to read log files in the application directory and access sensitive information. Impact is information dis...
CVE-2020-3347
CVE-2020-3347 affects Cisco Webex Meetings Desktop App for Windows. The flaw stems from unsafe usage of shared memory in the Webex memory map/trace implementation, allowing an authenticated, local attacker to read sensitive data (e.g., usernames, meeting information, authentication tokens) from s...
CVE-2020-3345
Cisco Webex Meetings and Webex Meetings Server are affected by CVE-2020-3345, an HTML injection vulnerability rooted in improper parameter validation on web pages. An unauthenticated, remote attacker can entice a user to follow a crafted link that injects HTML into an affected parameter, enabling...
CVE-2021-1544
CVE-2021-1544 describes an information-disclosure vulnerability in the Cisco Webex Meetings client’s logging mechanism. An authenticated, local attacker could access files containing logged actions and potentially view sensitive data, including meeting content and transcriptions. Public sources i...
CVE-2020-3440
CVE-2020-3440 affects Cisco Webex Meetings Desktop App for Windows. The root cause is improper validation of URL parameters sent from a website, enabling an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. Exploitation involves convincing a user to click a craf...
CVE-2018-0264
Summary: CVE-2018-0264 affects Cisco WebEx ARF playback components across WebEx Business Suite, Meetings sites, Meetings Server, and ARF Player. An unauthenticated, remote attacker can trigger arbitrary code execution by sending a user a link or email attachment containing a malicious ARF file an...
CVE-2019-15960
CVE-2019-15960 is a Cisco Webex Meetings privilege-escalation vulnerability affecting the Webex Network Recording Admin page. The issue arises from insufficient access-control validation, allowing an authenticated, low-privilege administrator to exploit a crafted URL request to gain privileged ac...
CVE-2021-1310
CVE-2021-1310 affects Cisco Webex Meetings’ web-based management interface. It is an open redirect vulnerability caused by improper validation of URL parameters in an HTTP request, allowing an unauthenticated attacker to persuade a user to click a crafted link and be redirected to a malicious sit...
CVE-2019-16001
Cisco Webex Teams for Windows is affected by CVE-2019-16001: a DLL hijacking vulnerability due to insufficient validation of resources loaded at run time. An authenticated, local attacker can craft a malicious DLL and place it in a specific location; the DLL executes when the vulnerable app launc...
CVE-2020-3155
CVE-2020-3155 is a Cisco Intelligent Proximity SSL certificate validation vulnerability. The issue stems from a lack of validation of the SSL server certificate when establishing connections to Cisco Webex video devices or Cisco collaboration endpoints. An unauthenticated, remote attacker could p...
CVE-2019-1674
CVE-2019-1674 is a local OS command injection in Cisco Webex Updates: the update service accepts crafted parameters, allowing an attacker with local access to execute commands with SYSTEM privileges. Affected: Cisco Webex Meetings Desktop App for Windows and Cisco Webex Productivity Tools. Root c...
CVE-2020-3263
The CVE-2020-3263 entry concerns Cisco Webex Meetings Desktop App. Affected component: the client’s URL handling where input is not properly validated. Root cause: improper validation of input supplied to application URLs. Impact: could allow an unauthenticated, remote attacker to persuade a user...
CVE-2020-3342
CVE-2020-3342 is a code-execution vulnerability in Cisco Webex Meetings Desktop App for Mac related to the update feature. The issue stems from improper validation of cryptographic protections on files downloaded during an update, allowing an unauthenticated, remote attacker to persuade a user to...
CVE-2020-3603
Cisco WebEx Network Recording Player for Windows and Cisco WebEx Player for Windows contain ARF/WRF parsing vulnerabilities that allow remote code execution. The issue stems from insufficient validation of elements within Webex recordings, enabling a malicious ARF/WRF file delivered via link or e...
CVE-2020-3604
Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows are affected by ARF/WRF parsing vulnerabilities (CVE-2020-3604). The issue stems from insufficient validation of Webex recording elements, enabling an attacker to execute arbitrary code when a user opens a malicio...
CVE-2021-1311
CVE-2021-1311 affects Cisco Webex Meetings and Cisco Webex Meetings Server, specifically the reclaim host role feature. The root cause is a lack of protection against brute-forcing of the host key, enabling an authenticated, remote attacker to take over the host role during a meeting. An attacker...
CVE-2021-1221
The CVE-2021-1221 issue affects Cisco Webex Meetings and Webex Meetings Server UI. It arises from insufficient input validation that lets an authenticated, remote attacker inject a hyperlink into a meeting invitation email by entering a URL into a UI field. A successful exploit could generate an ...
CVE-2019-1677
Summary: CVE-2019-1677 is a cross-site scripting vulnerability in Cisco Webex Meetings for Android. An unauthenticated, local attacker could exploit insufficient validation of input parameters by sending a crafted intent, allowing script execution in the Webex app context. Affected versions: prio...
CVE-2020-3501
Cisco Webex Meetings Desktop App has CVE-2020-3501 describing information disclosure due to improper input validation of parameters returned from a website. An authenticated, remote attacker could lure a user to a crafted URL to access restricted information from other Webex users. Multiple sourc...
CVE-2020-3502
Cisco Webex Meetings Desktop App contains information disclosure vulnerabilities in its user interface due to improper input validation of parameters returned from a website. An authenticated remote attacker could lure a user via a crafted URL to extract restricted information from other Webex us...
CVE-2025-20291
CVE-2025-20291 (Cisco Webex Meetings URL Redirect) : A vulnerability in Cisco Webex Meetings arises from insufficient validation of URLs in a meeting-join URL, enabling an unauthenticated, remote attacker to redirect a targeted user to a site controlled by the attacker. The issue is mitigated by ...