Cisco Webex Meeting Center vulnerabilities

CVE-2017-12366 [MEDIUM] CWE-79 CVE-2017-12366: A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to con A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnera

CVE-2017-12297 [MEDIUM] CWE-20 CVE-2017-12297: A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initi A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a ma

CVE-2017-12359 [MEDIUM] CWE-119 CVE-2017-12359: A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Forma A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this

CVE-2017-12365 [MEDIUM] CWE-200 CVE-2017-12365: A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view un A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view scheduled meetings. A successful query would show both listed and unlisted meetings in the displaye

CVE-2017-12360 [MEDIUM] CWE-399 CVE-2017-12360: A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to open the file. A successful exploit could cause an

CVE-2017-12286 [MEDIUM] CWE-20 CVE-2017-12286: A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in the affected software. An attacker could exploit this vu

CVE-2017-6753 [HIGH] CWE-119 CVE-2017-6753: A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event C

CVE-2017-3823 [HIGH] CWE-119 CVE-2017-3823: An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in th

CVE-2017-3799 [MEDIUM] CWE-601 CVE-2017-3799: A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, rem A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1.

CVE-2015-6360 [HIGH] CWE-119 CVE-2015-6360: The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a d The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.

CVE-2010-3270 [MEDIUM] CWE-119 CVE-2010-3270: Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP2 Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed.