Page 2 of 10 results (0.017 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks. Una vulnerabilidad en Cisco Webex Teams, podría permitir a un atacante remoto no autenticado manipular nombres de archivos dentro de la interfaz de mensajería. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99 • CWE-450: Multiple Interpretations of UI Input •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. The vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-dll-drsnH5AN • CWE-427: Uncontrolled Search Path Element •

CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0

A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks. Una vulnerabilidad en el componente del motor multimedia de Cisco Webex Meetings Client para Windows, Cisco Webex Meetings Desktop App para Windows, y Cisco Webex Teams para Windows, podría permitir a un atacante local autenticado conseguir acceso a información confidencial. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-media-znjfwHD6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1

A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920. • http://www.securityfocus.com/bid/107101 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-webx-ios-file • CWE-20: Improper Input Validation •

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability. Una vulnerabilidad en Cisco Webex Teams, anteriormente Cisco Spark, podría permitir a un atacante remoto autenticado visualizar y modificar los datos de una organización que no sea la suya propia. • http://www.securityfocus.com/bid/105301 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •