Cisco Webex Meetings Server vulnerabilities

CVE-2021-1525 [MEDIUM] CWE-601 CVE-2021-1525: A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticat A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. This vulnerability is due to improper validation of URL paths in the application interface. An attacker could exploit this vulnerability by persuading a user to follow a specially crafted URL th

CVE-2021-1517 [MEDIUM] CWE-693 CVE-2021-1517: A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Se A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer feature. An attacker could exploit this vulnerability by sharing a file throug

CVE-2021-1221 [MEDIUM] CWE-20 CVE-2021-1221: A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Softwa A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user int

CVE-2021-1311 [MEDIUM] CWE-307 CVE-2021-1311: A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Se A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requ

CVE-2020-3419 [MEDIUM] CWE-913 CVE-2020-3419: A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticat A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted re

CVE-2020-3441 [MEDIUM] CWE-20 CVE-2020-3441: A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticat A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A success

CVE-2020-3471 [MEDIUM] CWE-20 CVE-2020-3471: A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticat A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vul

CVE-2020-3345 [MEDIUM] CWE-20 CVE-2020-3345: A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could a A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could exploit this vulnerability by persuading a user to follow

CVE-2020-3361 [HIGH] CWE-287 CVE-2020-3361: A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticat A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vu

CVE-2020-3342 [HIGH] CWE-295 CVE-2020-3342: A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could all A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update. An attacker

CVE-2020-3263 [HIGH] CWE-20 CVE-2020-3263: A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by persuading a user to follow a malicious URL. A successful exp

CVE-2020-3347 [MEDIUM] CWE-200 CVE-2020-3347: A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability b

CVE-2019-1954 [MEDIUM] CWE-601 CVE-2019-1954: A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulne

CVE-2019-1868 [HIGH] CWE-16 CVE-2019-1868: A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to a

CVE-2019-1655 [MEDIUM] CWE-79 CVE-2019-1655: A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An att