Cisco Webex Meetings vulnerabilities

CVE-2020-3541 [MEDIUM] CWE-200 CVE-2020-3541: A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webe A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. A

CVE-2020-3440 [MEDIUM] CWE-22 CVE-2020-3440: A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remo A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user

CVE-2020-3502 [MEDIUM] CWE-20 CVE-2020-3502: Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an au Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could explo

CVE-2020-3501 [MEDIUM] CWE-20 CVE-2020-3501: Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an au Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could explo

CVE-2020-3345 [MEDIUM] CWE-20 CVE-2020-3345: A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could a A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could exploit this vulnerability by persuading a user to follow

CVE-2020-3361 [CRITICAL] CWE-287 CVE-2020-3361: A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticat A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to

CVE-2020-3342 [HIGH] CWE-295 CVE-2020-3342: A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could all A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update. An attacker

CVE-2020-3263 [HIGH] CWE-20 CVE-2020-3263: A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by persuading a user to follow a malicious URL. A successful exp

CVE-2020-3347 [MEDIUM] CWE-200 CVE-2020-3347: A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability b

CVE-2020-3194 [HIGH] CWE-119 CVE-2020-3194: A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the

CVE-2020-3128 [HIGH] CWE-20 CVE-2020-3128: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording For

CVE-2020-3127 [HIGH] CWE-20 CVE-2020-3127: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording For

CVE-2020-3182 [MEDIUM] CWE-200 CVE-2020-3182: A vulnerability in the multicast DNS (mDNS) protocol configuration of Cisco Webex Meetings Client fo A vulnerability in the multicast DNS (mDNS) protocol configuration of Cisco Webex Meetings Client for MacOS could allow an unauthenticated adjacent attacker to obtain sensitive information about the device on which the Webex client is running. The vulnerability exists because sensitive information is included in the mDNS reply. An attacker could explo

CVE-2019-15960 [MEDIUM] CWE-264 CVE-2019-15960: A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an aut A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be logged in as a low-level administrator. The vulnerability is due to insufficient access control validation. An a

CVE-2019-1948 [MEDIUM] CWE-295 CVE-2019-1948: A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to insufficient SSL certificate validation by the affected software. An attacker could exploit this vulnerability by

CVE-2019-1674 [HIGH] CWE-78 CVE-2019-1674: A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivi A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking

CVE-2019-1677 [MEDIUM] CWE-79 CVE-2019-1677: A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker t A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerability by sending a malicious request to the Webex Meetings ap

CVE-2018-0390 [MEDIUM] CWE-79 CVE-2018-0390: A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affe

CVE-2018-0356 [MEDIUM] CWE-79 CVE-2018-0356: A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP

CVE-2018-0357 [MEDIUM] CWE-79 CVE-2018-0357: A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP