CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15960 – Cisco Webex Network Recording Admin Page Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-15960
26 Nov 2019 — A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be logged in as a low-level administrator. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by submitting a crafted URL request to gain privileged access in the context of the affected page. A successful exploit ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wbs-privilege • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1948 – Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1948
21 Aug 2019 — A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to insufficient SSL certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted SSL certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confi... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-webex-ssl-cert • CWE-295: Improper Certificate Validation •
CVSS: 9.0EPSS: 25%CPEs: 7EXPL: 2CVE-2019-1674 – Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1674
28 Feb 2019 — A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVS... • https://packetstorm.news/files/id/151914 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-0380
https://notcve.org/view.php?id=CVE-2018-0380
18 Jul 2018 — Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could cause an affected player to crash, resulting in a denial of service (DoS) condition. The Cisco Webex players are applicati... • http://www.securityfocus.com/bid/104880 • CWE-399: Resource Management Errors •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0264
https://notcve.org/view.php?id=CVE-2018-0264
02 May 2018 — A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects... • http://www.securityfocus.com/bid/104073 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2018-0287
https://notcve.org/view.php?id=CVE-2018-0287
02 May 2018 — A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to a design flaw in the affected software. An attacker could exploit this vulnerability by sending a user an email attachment or link to a malicious ARF file and persuading the user to open the file or follow the link. A successful exploit could allow the attacker to execute arbitrary co... • http://www.securityfocus.com/bid/104128 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2017-12359
https://notcve.org/view.php?id=CVE-2017-12359
30 Nov 2017 — A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could allow arbitrary code execution on the system of the targeted user. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisc... • http://www.securityfocus.com/bid/102186 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.6EPSS: 1%CPEs: 3EXPL: 0CVE-2017-12367 – Cisco WebEx Network Recording Player DoS / Code Execution
https://notcve.org/view.php?id=CVE-2017-12367
30 Nov 2017 — A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs... • http://www.securityfocus.com/bid/102017 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.6EPSS: 2%CPEs: 6EXPL: 0CVE-2017-12368 – Cisco WebEx Network Recording Player DoS / Code Execution
https://notcve.org/view.php?id=CVE-2017-12368
30 Nov 2017 — A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug... • http://www.securityfocus.com/bid/102017 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.6EPSS: 2%CPEs: 4EXPL: 0CVE-2017-12369 – Cisco WebEx Network Recording Player DoS / Code Execution
https://notcve.org/view.php?id=CVE-2017-12369
30 Nov 2017 — A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CS... • http://www.securityfocus.com/bid/102017 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •