CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1689 – Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2019-1689
A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920. • http://www.securityfocus.com/bid/107101 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-webx-ios-file • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 14%CPEs: 1EXPL: 0CVE-2019-1636 – Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability
https://notcve.org/view.php?id=CVE-2019-1636
A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system. • http://www.securityfocus.com/bid/106718 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0436 – Cisco Webex Teams Information Disclosure and Modification Vulnerability
https://notcve.org/view.php?id=CVE-2018-0436
A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability. Una vulnerabilidad en Cisco Webex Teams, anteriormente Cisco Spark, podría permitir a un atacante remoto autenticado visualizar y modificar los datos de una organización que no sea la suya propia. • http://www.securityfocus.com/bid/105301 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •