Cisco Webex Meetings Server vulnerabilities

CVE-2021-44228 [CRITICAL] CWE-20 CVE-2021-44228: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD

CVE-2021-1503 [HIGH] CWE-119 CVE-2021-1503: A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in either Advanced Recording Format (ARF) or Webex Recording F

CVE-2021-1502 [HIGH] CWE-119 CVE-2021-1502: A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recordi

CVE-2021-1536 [MEDIUM] CWE-427 CVE-2021-1536: A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on

CVE-2021-1525 [MEDIUM] CWE-601 CVE-2021-1525: A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticat A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. This vulnerability is due to improper validation of URL paths in the application interface. An attacker could exploit this vulnerability by persuading a user to follow a specially crafted URL th

CVE-2021-1517 [MEDIUM] CWE-693 CVE-2021-1517: A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Se A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer feature. An attacker could exploit this vulnerability by sharing a file throug

CVE-2021-1372 [MEDIUM] CWE-202 CVE-2021-1372: A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could a A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploi

CVE-2021-1221 [MEDIUM] CWE-20 CVE-2021-1221: A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Softwa A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user int

CVE-2021-1311 [MEDIUM] CWE-307 CVE-2021-1311: A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Se A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requ

CVE-2020-3419 [MEDIUM] CWE-913 CVE-2020-3419: A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticat A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted re

CVE-2020-3441 [MEDIUM] CWE-20 CVE-2020-3441: A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticat A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A success

CVE-2020-3471 [MEDIUM] CWE-20 CVE-2020-3471: A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticat A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vul

CVE-2020-3603 [HIGH] CWE-119 CVE-2020-3603: Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Fo

CVE-2020-3573 [HIGH] CWE-119 CVE-2020-3573: Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Fo

CVE-2019-15287 [HIGH] CWE-119 CVE-2019-15287: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (

CVE-2019-15283 [HIGH] CWE-119 CVE-2019-15283: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (

CVE-2019-15285 [HIGH] CWE-119 CVE-2019-15285: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (

CVE-2020-3116 [MEDIUM] CWE-20 CVE-2020-3116: A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) fi A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of UCF media files. An attacker could exploit this vulnerability by sending a user a malicious UCF file through a link or email

CVE-2020-3502 [MEDIUM] CWE-20 CVE-2020-3502: Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an au Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could explo

CVE-2020-3501 [MEDIUM] CWE-20 CVE-2020-3501: Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an au Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could explo