CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15960 – Cisco Webex Network Recording Admin Page Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-15960
26 Nov 2019 — A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be logged in as a low-level administrator. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by submitting a crafted URL request to gain privileged access in the context of the affected page. A successful exploit ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wbs-privilege • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 25%CPEs: 7EXPL: 2CVE-2019-1674 – Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1674
28 Feb 2019 — A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVS... • https://packetstorm.news/files/id/151914 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1677 – Cisco Webex Meetings for Android Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-1677
07 Feb 2019 — A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerability by sending a malicious request to the Webex Meetings application through an intent. A successful exploit could allow the attacker to execute script code in the context of the Webex Meetings application. Versions p... • http://www.securityfocus.com/bid/106933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0357
https://notcve.org/view.php?id=CVE-2018-0357
07 Jun 2018 — A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in th... • http://www.securityfocus.com/bid/104420 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0264
https://notcve.org/view.php?id=CVE-2018-0264
02 May 2018 — A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects... • http://www.securityfocus.com/bid/104073 • CWE-20: Improper Input Validation •