19 matches found
CVE-2020-3535
CVE-2020-3535 – Cisco Webex Teams for Windows DLL Hijacking . A local, authenticated attacker can place a malicious DLL in a specific location; when Webex Teams launches, the DLL is loaded and code executes with the privileges of another user. The vulnerability stems from incorrect runtime handli...
CVE-2022-20863
Cisco Webex App (formerly Webex Teams) contains a vulnerability in its messaging interface that could allow an unauthenticated, remote attacker to manipulate displayed links or content by exploiting improper handling of character rendering. The issue arises when messages are processed in the inte...
CVE-2020-3541
CVE-2020-3541 affects Cisco Webex on Windows (Webex Meetings Client/Desktop App/Teams). The root cause is unsafe logging of authentication requests, allowing an authenticated, local attacker to read log files in the application directory and access sensitive information. Impact is information dis...
CVE-2021-1242
CVE-2021-1242 affects Cisco Webex Teams (Webex/Jabber client) where the shared-file name display can be manipulated due to improper character rendering. An unauthenticated, remote attacker could share a file to alter how the file name appears in the messaging interface, enabling phishing or spoof...
CVE-2019-1689
Cisco Webex Teams for iOS has a vulnerability in the iOS client app’s input validation that could allow an authenticated, remote attacker to upload arbitrary files within the app’s scope. An attacker could lure a targeted user into opening a malicious file, potentially overwriting sensitive appli...
CVE-2025-20236
Cisco Webex App is affected by a client-side vulnerability in the custom URL parser that could allow an unauthenticated attacker to convince a user to download arbitrary files, potentially executing commands with the user’s privileges. Root cause: insufficient input validation when processing mee...
CVE-2020-3131
The CVE-2020-3131 issue affects the Cisco Webex Teams client for Windows, caused by insufficient input validation when processing received adaptive cards. Affected component: the Windows client (Release 3.0.13131). Exploit requires an authenticated attacker with a valid developer account to send ...
CVE-2019-1939
Cisco Webex Teams for Windows is affected by a command-execution vulnerability arising from improper restrictions on the software’s logging features. An unauthenticated, remote attacker can lure a target user to visit a crafted website, enabling the attacker to modify files and run arbitrary comm...
CVE-2019-16001
Cisco Webex Teams for Windows is affected by CVE-2019-16001: a DLL hijacking vulnerability due to insufficient validation of resources loaded at run time. An authenticated, local attacker can craft a malicious DLL and place it in a specific location; the DLL executes when the vulnerable app launc...
CVE-2020-3155
CVE-2020-3155 is a Cisco Intelligent Proximity SSL certificate validation vulnerability. The issue stems from a lack of validation of the SSL server certificate when establishing connections to Cisco Webex video devices or Cisco collaboration endpoints. An unauthenticated, remote attacker could p...
CVE-2021-1536
CVE-2021-1536 affects Cisco Webex products on Windows (Webex Meetings Desktop App, Webex Meetings Server, Webex Network Recording Player, and Webex Teams). The issue is a directory-path handling flaw that lets an authenticated, local attacker place a configuration file to cause loading of a malic...
CVE-2024-20395
Cisco Webex App contains a vulnerability in the media retrieval functionality that could allow an unauthenticated, adjacent attacker to access sensitive session information by intercepting insecurely transmitted requests for embedded media. The root cause is insecure transmission of requests to b...
CVE-2019-1636
Cisco Webex Teams (formerly Cisco Spark) is affected by CVE-2019-1636, an insecure library loading vulnerability in the Webex Teams URI handler. The issue arises from unsafe search paths used by the Windows URI, allowing a crafted library placed in a targeted directory to be loaded by the applica...
CVE-2023-20104
CVE-2023-20104 affects Cisco Webex App for Web. The vulnerability resides in the file upload functionality where insufficient validation of user-supplied input enables an unauthenticated, remote attacker to trigger cross-site scripting (XSS) by persuading a user to visit a crafted URL after recei...
CVE-2024-20396
CVE-2024-20396 affects Cisco Webex App: vulnerability in protocol/file handlers allows unauthenticated, remote access to sensitive information via specially crafted links. Impact targets credentials transmitted in requests; CVSS info shows network vector with user interaction required. Cisco advi...
CVE-2021-1502
CVE-2021-1502 affects Cisco Webex Network Recording Player and Webex Player for Windows and macOS. Root cause: memory corruption due to insufficient validation of ARF/WRF recording files. Attackers can deliver a crafted ARF/WRF via a link or email attachment and persuade a user to open it, enabli...
CVE-2018-0436
CVE-2018-0436 concerns Cisco Webex Teams (formerly Cisco Spark). The issue arises from insufficient checks for associations between user accounts and organization accounts, enabling an authenticated, remote attacker with administrator or compliance officer privileges for one organization to view ...
CVE-2018-0387
CVE-2018-0387 describes a remote code execution vulnerability in Cisco Webex Teams for Windows and macOS. The issue stems from improper input sanitization, allowing an unauthenticated, remote attacker to craft a malicious link that, when opened by a user, could execute arbitrary code with elevate...
CVE-2020-26067
CVE-2020-26067 concerns Cisco Webex Teams web interface. Affected component: web-based interface; issue arises from improper validation of usernames. An authenticated, remote attacker can create an account containing malicious HTML/script and join a space with that name, enabling cross-site scrip...