CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-1502 – Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-1502
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit the vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. Una vulnerabilidad en Cisco Webex Network Recording Player para Windows y MacOS y Cisco Webex Player para Windows y MacOS podría permitir a un atacante ejecutar código arbitrario en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-dOJ2jOJ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1242 – Cisco Webex Teams Shared File Manipulation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1242
A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks. Una vulnerabilidad en Cisco Webex Teams, podría permitir a un atacante remoto no autenticado manipular nombres de archivos dentro de la interfaz de mensajería. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99 • CWE-450: Multiple Interpretations of UI Input •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3535 – Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability
https://notcve.org/view.php?id=CVE-2020-3535
A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. The vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-dll-drsnH5AN • CWE-427: Uncontrolled Search Path Element •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2020-3541 – Cisco Webex Meetings Client for Windows, Webex Meetings Desktop App, and Webex Teams Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3541
A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks. Una vulnerabilidad en el componente del motor multimedia de Cisco Webex Meetings Client para Windows, Cisco Webex Meetings Desktop App para Windows, y Cisco Webex Teams para Windows, podría permitir a un atacante local autenticado conseguir acceso a información confidencial. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-media-znjfwHD6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.4EPSS: 0%CPEs: 11EXPL: 0CVE-2020-3155 – Cisco Intelligent Proximity SSL Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3155
A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB • CWE-295: Improper Certificate Validation •