Cisco Webex Meetings vulnerabilities

CVE-2021-1503 [HIGH] CWE-119 CVE-2021-1503: A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in either Advanced Recording Format (ARF) or Webex Recording F

CVE-2021-1526 [HIGH] CWE-119 CVE-2021-1526: A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbit A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious WRF file through

CVE-2021-1502 [HIGH] CWE-119 CVE-2021-1502: A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recordi

CVE-2021-1544 [MEDIUM] CWE-497 CVE-2021-1544: A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authent A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe logging of application actions. An attacker could exploit this vulnerability by logging onto the local system and accessing files containing the logged d

CVE-2021-1527 [MEDIUM] CWE-119 CVE-2021-1527: A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the aff A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the vulnerable application. The vulnerability is due to insufficient validation of values in Webex recording files that are stored in Webex Recording Format (WR

CVE-2021-1420 [MEDIUM] CWE-80 CVE-2021-1420: A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designe

CVE-2021-1467 [MEDIUM] CWE-284 CVE-2021-1467: A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to the Cisco Webex Meetings client of a targeted user of a meeting in which they ar

CVE-2021-1351 [MEDIUM] CWE-80 CVE-2021-1351: A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, r A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service

CVE-2021-1310 [MEDIUM] CWE-601 CVE-2021-1310: A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthe A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. A

CVE-2020-27126 [MEDIUM] CWE-80 CVE-2020-27126: A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targe

CVE-2020-3541 [MEDIUM] CWE-200 CVE-2020-3541: A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webe A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. A

CVE-2020-3542 [MEDIUM] CWE-20 CVE-2020-3542: A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a pass A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password. The vulnerability is due to improper validation of input to API requests that are a part of meeting join flow. An attacker could exploit this vulnerability by sending an API request to the ap

CVE-2020-3440 [MEDIUM] CWE-22 CVE-2020-3440: A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remo A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user

CVE-2020-3463 [MEDIUM] CWE-79 CVE-2020-3463: A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthe A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management

CVE-2020-3412 [MEDIUM] CWE-284 CVE-2020-3412: A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an aut A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization. The vulnerability is due to insufficient authorization enforcement for the creation of scheduled meeting templates. An attacker c

CVE-2020-3413 [MEDIUM] CWE-284 CVE-2020-3413: A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an aut A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. The vulnerability is due to insufficient authorization enforcement for requests to delete scheduled meeting templates. An attacker cou

CVE-2020-3502 [MEDIUM] CWE-20 CVE-2020-3502: Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an au Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could explo

CVE-2020-3501 [MEDIUM] CWE-20 CVE-2020-3501: Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an au Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could explo

CVE-2020-3472 [MEDIUM] CWE-200 CVE-2020-3472: A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by se

CVE-2020-3194 [HIGH] CWE-119 CVE-2020-3194: A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the