Cisco Webex Teams vulnerabilities

CVE-2025-20236 [HIGH] CWE-829 CVE-2025-20236: A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote a A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting i

CVE-2024-20395 [MEDIUM] CWE-523 CVE-2024-20395: A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticat A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerabilit

CVE-2024-20396 [MEDIUM] CWE-200 CVE-2024-20396: A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote a A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is desig

CVE-2022-20863 [MEDIUM] CWE-450 CVE-2022-20863: A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character rendering. An attacker could exploit this vulnerability by

CVE-2021-1502 [HIGH] CWE-119 CVE-2021-1502: A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recordi

CVE-2021-1536 [MEDIUM] CWE-427 CVE-2021-1536: A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on

CVE-2021-1242 [MEDIUM] CWE-450 CVE-2021-1242: A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate f A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could

CVE-2020-3535 [HIGH] CWE-427 CVE-2020-3535: A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Window A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. The vulnerability is due to incorrect handling of directory paths at run time. An attack

CVE-2020-3541 [MEDIUM] CWE-200 CVE-2020-3541: A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webe A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. A

CVE-2020-3131 [MEDIUM] CWE-400 CVE-2020-3131: A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote att A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive

CVE-2019-1939 [HIGH] CWE-74 CVE-2019-1939: A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote a A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a

CVE-2019-1689 [HIGH] CWE-20 CVE-2019-1689: A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user

CVE-2019-1636 [HIGH] CWE-78 CVE-2019-1636: A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to ex A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to follow a

CVE-2018-0436 [HIGH] CWE-284 CVE-2018-0436: A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote att A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has