Cisco Webex Meetings Server vulnerabilities

CVE-2018-15413 [HIGH] CWE-20 CVE-2018-15413: A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webe A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An

CVE-2018-0422 [HIGH] CWE-732 CVE-2018-0422: A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in th

CVE-2018-15422 [HIGH] CWE-20 CVE-2018-15422: A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webe A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An

CVE-2018-0112 [CRITICAL] CWE-20 CVE-2018-0112: A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meeting A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An attacker could exploit this vulnerability by providing meeti

CVE-2017-12368 [CRITICAL] CWE-119 CVE-2017-12368: A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx N A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file

CVE-2017-12372 [CRITICAL] CWE-119 CVE-2017-12372: A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx N A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file

CVE-2017-12367 [CRITICAL] CWE-119 CVE-2017-12367: A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Netwo A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Ex

CVE-2017-12363 [MEDIUM] CWE-264 CVE-2017-12363: A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to mod A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by modifying the welcome message to a meeting. A successful exploit could

CVE-2017-12359 [MEDIUM] CWE-119 CVE-2017-12359: A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Forma A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this

CVE-2014-0691 [HIGH] CWE-331 CVE-2014-0691: Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it ea Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643.

CVE-2017-12293 [HIGH] CWE-119 CVE-2017-12293: A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to ca A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker could exploit this vulnerability by opening multiple connections to the ser

CVE-2017-12296 [MEDIUM] CWE-79 CVE-2017-12296: A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to co A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulne

CVE-2017-6753 [HIGH] CWE-119 CVE-2017-6753: A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event C

CVE-2017-6651 [HIGH] CWE-200 CVE-2017-6651: A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All r

CVE-2017-3811 [MEDIUM] CWE-611 CVE-2017-3811: An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, re An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054.

CVE-2017-3880 [MEDIUM] CWE-287 CVE-2017-3880: An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1 Orion1.1.2.patch T29_orion_merge.

CVE-2017-3823 [HIGH] CWE-119 CVE-2017-3823: An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in th

CVE-2017-3796 [HIGH] CWE-78 CVE-2017-3796: A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to exec A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6.

CVE-2017-3794 [HIGH] CWE-352 CVE-2017-3794: A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to co A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12.

CVE-2017-3795 [MEDIUM] CWE-287 CVE-2017-3795: A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to cond A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12.