This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Cisco
Product: Webex Meetings
Version: t32
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2017-11-30
Last view: 2021-02-04

CPE Product cpe:2.3:a:cisco:webex_meetings


Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
CVSS Date Alert Description
4.1 2021-02-04 CVE-2021-1221

A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link.

5.4 2021-01-13 CVE-2021-1311

A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting.

4.7 2021-01-13 CVE-2021-1310

A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website, bypassing the Webex URL check that should result in a warning before the redirection to the web page. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to convince users to unknowingly visit malicious sites.

5.3 2020-11-18 CVE-2020-3441

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby.

7.8 2020-11-06 CVE-2020-3604

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

7.8 2020-11-06 CVE-2020-3603

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

7.8 2020-11-06 CVE-2020-3588

A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization. This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sending malicious messages to the affected software by using the virtualization channel interface. A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user. Note: This vulnerability can be exploited only when Cisco Webex Meetings Desktop App is in a virtual desktop environment on a hosted virtual desktop (HVD) and is configured to use the Cisco Webex Meetings virtual desktop plug-in for thin clients.

7.8 2020-11-06 CVE-2020-3573

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

7.8 2020-09-23 CVE-2019-15287

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

7.8 2020-09-23 CVE-2019-15285

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

7.8 2020-09-23 CVE-2019-15283

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

4.4 2020-09-04 CVE-2020-3541

A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks.

6.5 2020-08-26 CVE-2020-3440

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files.

4.1 2020-08-17 CVE-2020-3502

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users.

4.1 2020-08-17 CVE-2020-3501

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users.

4.3 2020-07-16 CVE-2020-3345

A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious web sites, or the attacker could leverage this vulnerability to conduct further client-side attacks.

9.8 2020-06-18 CVE-2020-3361

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site.

5.5 2020-06-18 CVE-2020-3347

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens that could aid the attacker in future attacks.

8.8 2020-06-18 CVE-2020-3342

A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update. An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a valid Webex website. The client may fail to properly validate the cryptographic protections of the provided files before executing them as part of an update. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the user.

7.5 2020-06-18 CVE-2020-3263

A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by persuading a user to follow a malicious URL. A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system. If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system.

7.8 2020-04-15 CVE-2020-3194

A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

4.3 2020-03-04 CVE-2020-3182

A vulnerability in the multicast DNS (mDNS) protocol configuration of Cisco Webex Meetings Client for MacOS could allow an unauthenticated adjacent attacker to obtain sensitive information about the device on which the Webex client is running. The vulnerability exists because sensitive information is included in the mDNS reply. An attacker could exploit this vulnerability by doing an mDNS query for a particular service against an affected device. A successful exploit could allow the attacker to gain access to sensitive information.

7.8 2020-03-04 CVE-2020-3128

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

7.8 2020-03-04 CVE-2020-3127

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

5.4 2019-11-26 CVE-2019-15960

A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be logged in as a low-level administrator. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by submitting a crafted URL request to gain privileged access in the context of the affected page. A successful exploit could allow the attacker to elevate privileges in the Webex Recording Admin page, which could allow them to view or delete recordings that they would not normally be able to access.

CWE : Common Weakness Enumeration

% id Name
27% (9) CWE-20 Improper Input Validation
24% (8) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (2) CWE-295 Certificate Issues
6% (2) CWE-200 Information Exposure
6% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
6% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
3% (1) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
3% (1) CWE-532 Information Leak Through Log Files
3% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
3% (1) CWE-307 Improper Restriction of Excessive Authentication Attempts
3% (1) CWE-287 Improper Authentication
3% (1) CWE-269 Improper Privilege Management
3% (1) CWE-125 Out-of-bounds Read
3% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-12-08 Cisco Webex Meetings virtual channel remote code execution attempt
RuleID : 56225 - Type : SERVER-OTHER - Revision : 1
2020-12-08 Cisco Webex Network Recording Player buffer overflow attempt
RuleID : 56219 - Type : FILE-OTHER - Revision : 1
2020-12-08 Cisco Webex Network Recording Player buffer overflow attempt
RuleID : 56218 - Type : FILE-OTHER - Revision : 1
2020-12-08 Cisco Webex Network Recording Player out of bounds write attempt
RuleID : 56217 - Type : FILE-OTHER - Revision : 1
2020-12-08 Cisco Webex Network Recording Player out of bounds write attempt
RuleID : 56216 - Type : FILE-OTHER - Revision : 1
2020-12-05 Cisco Webex Meetings Desktop App arbitrary program execution attempt
RuleID : 54372 - Type : BROWSER-OTHER - Revision : 1
2020-12-05 Cisco Webex Meetings Desktop App arbitrary program execution attempt
RuleID : 54371 - Type : BROWSER-OTHER - Revision : 1
2020-12-05 Cisco Webex Meetings Desktop App arbitrary program execution attempt
RuleID : 54370 - Type : BROWSER-OTHER - Revision : 1
2020-12-05 Cisco Webex Meetings Desktop App arbitrary program execution attempt
RuleID : 54369 - Type : BROWSER-OTHER - Revision : 1
2020-12-05 Cisco Webex Meetings Desktop App arbitrary program execution attempt
RuleID : 54368 - Type : BROWSER-OTHER - Revision : 1
2020-12-05 Cisco Webex Meetings Desktop App arbitrary program execution attempt
RuleID : 54367 - Type : BROWSER-OTHER - Revision : 1
2020-12-05 Cisco Webex Meetings Desktop App arbitrary program execution attempt
RuleID : 54366 - Type : BROWSER-OTHER - Revision : 1
2020-12-05 Cisco Webex Meetings Desktop App arbitrary program execution attempt
RuleID : 54365 - Type : BROWSER-OTHER - Revision : 1
2020-12-05 Cisco Webex Meetings Desktop App arbitrary program execution attempt
RuleID : 54364 - Type : BROWSER-OTHER - Revision : 1
2020-12-05 Cisco Webex Meetings Desktop App arbitrary program execution attempt
RuleID : 54363 - Type : BROWSER-OTHER - Revision : 1
2020-12-05 Cisco Webex Meetings Desktop App arbitrary program execution attempt
RuleID : 54362 - Type : BROWSER-OTHER - Revision : 1
2020-12-05 Cisco Webex Meetings Desktop App arbitrary program execution attempt
RuleID : 54361 - Type : BROWSER-OTHER - Revision : 1
2020-12-05 Cisco Webex Meetings Desktop App arbitrary program execution attempt
RuleID : 54360 - Type : BROWSER-OTHER - Revision : 1
2020-12-05 Cisco Webex Meetings Desktop App arbitrary program execution attempt
RuleID : 54359 - Type : BROWSER-OTHER - Revision : 1
2020-12-05 Cisco Webex Meetings Desktop App arbitrary program execution attempt
RuleID : 54358 - Type : BROWSER-OTHER - Revision : 1
2020-12-05 Cisco Webex Network Recording Player memory corruption attempt
RuleID : 53661 - Type : FILE-OTHER - Revision : 1
2020-12-05 Cisco Webex Network Recording Player memory corruption attempt
RuleID : 53660 - Type : FILE-OTHER - Revision : 1
2020-12-05 Cisco Webex Network Recording Player memory corruption attempt
RuleID : 53387 - Type : FILE-OTHER - Revision : 1
2020-12-05 Cisco Webex Network Recording Player memory corruption attempt
RuleID : 53386 - Type : FILE-OTHER - Revision : 1
2020-12-05 Cisco Webex Network Recording Player memory corruption attempt
RuleID : 53385 - Type : FILE-OTHER - Revision : 1

Nessus® Vulnerability Scanner

id Description
2017-12-08 Name: The Cisco WebEx WRF Player installed on the remote Windows host is affected b...
File: cisco-sa-20171129-webex.nasl - Type: ACT_GATHER_INFO