Cisco Webex Meetings vulnerabilities

CVE-2021-1410 [MEDIUM] CWE-284 CVE-2021-1410: A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authent A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update distribution lists. An attacker could exploit this vulnerabili

CVE-2022-20654 [MEDIUM] CWE-80 CVE-2022-20654: A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticat A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based interface of Cisco Webex Meetings. An attacker could e

CVE-2023-20133 [MEDIUM] CWE-79 CVE-2023-20133: A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote at A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because of insufficient validation of user-supplied input in Webex Events (classic) programs, email templates, and survey questions.

CVE-2023-20180 [MEDIUM] CWE-352 CVE-2023-20180: A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a u

CVE-2021-1544 [MEDIUM] CWE-497 CVE-2021-1544: A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authent A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe logging of application actions. An attacker could exploit this vulnerability by logging onto the local system and accessing files containing the logged d

CVE-2021-1467 [MEDIUM] CWE-284 CVE-2021-1467: A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to the Cisco Webex Meetings client of a targeted user of a meeting in which they ar

CVE-2021-1372 [MEDIUM] CWE-202 CVE-2021-1372: A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could a A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploi

CVE-2021-1351 [MEDIUM] CWE-80 CVE-2021-1351: A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, r A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service

CVE-2021-1221 [MEDIUM] CWE-20 CVE-2021-1221: A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Softwa A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user int

CVE-2021-1311 [MEDIUM] CWE-307 CVE-2021-1311: A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Se A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requ

CVE-2021-1310 [MEDIUM] CWE-601 CVE-2021-1310: A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthe A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. A

CVE-2020-27126 [MEDIUM] CWE-80 CVE-2020-27126: A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targe

CVE-2020-3441 [MEDIUM] CWE-20 CVE-2020-3441: A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticat A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A success

CVE-2020-3604 [HIGH] CWE-119 CVE-2020-3604: Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Fo

CVE-2020-3603 [HIGH] CWE-119 CVE-2020-3603: Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Fo

CVE-2020-3573 [HIGH] CWE-119 CVE-2020-3573: Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Fo

CVE-2020-3588 [HIGH] CWE-22 CVE-2020-3588: A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization. This vulnerability is due to improper validation of

CVE-2019-15287 [HIGH] CWE-119 CVE-2019-15287: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (

CVE-2019-15283 [HIGH] CWE-119 CVE-2019-15283: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (

CVE-2019-15285 [HIGH] CWE-119 CVE-2019-15285: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (