CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1868 – Cisco Webex Meetings Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1868
05 Jun 2019 — A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to access sensitive system information. Una vulnerabilidad en la interfaz de administració... • http://www.securityfocus.com/bid/108625 • CWE-16: Configuration •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-1772 – Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1772
15 May 2019 — A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the fil... • http://www.securityfocus.com/bid/108373 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-1773 – Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1773
15 May 2019 — A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the fil... • http://www.securityfocus.com/bid/108373 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-1771 – Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1771
15 May 2019 — A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the fil... • http://www.securityfocus.com/bid/108373 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 25%CPEs: 7EXPL: 2CVE-2019-1674 – Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1674
28 Feb 2019 — A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVS... • https://packetstorm.news/files/id/151914 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1689 – Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2019-1689
25 Feb 2019 — A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of ... • http://www.securityfocus.com/bid/107101 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1680 – Cisco Webex Business Suite Content Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1680
07 Feb 2019 — A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious URL. A successful exploit could allow the attacker to inject arbitrary text into the user's browser. The attacker could use the content injection to conduct spoofing attacks. • http://www.securityfocus.com/bid/106939 • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1677 – Cisco Webex Meetings for Android Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-1677
07 Feb 2019 — A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerability by sending a malicious request to the Webex Meetings application through an intent. A successful exploit could allow the attacker to execute script code in the context of the Webex Meetings application. Versions p... • http://www.securityfocus.com/bid/106933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1655 – Cisco Webex Meetings Server Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-1655
24 Jan 2019 — A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attack... • http://www.securityfocus.com/bid/106710 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-1637 – Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1637
23 Jan 2019 — A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the fil... • http://www.securityfocus.com/bid/106704 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •