CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2020-3541 – Cisco Webex Meetings Client for Windows, Webex Meetings Desktop App, and Webex Teams Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3541
A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks. Una vulnerabilidad en el componente del motor multimedia de Cisco Webex Meetings Client para Windows, Cisco Webex Meetings Desktop App para Windows, y Cisco Webex Teams para Windows, podría permitir a un atacante local autenticado conseguir acceso a información confidencial. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-media-znjfwHD6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3440 – Cisco Webex Meetings Desktop App for Windows Arbitrary File Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2020-3440
A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files. Una vulnerabilidad en Cisco Webex Meetings Desktop App para Windows podría permitir a un atacante remoto no autenticado sobrescribir archivos arbitrarios en un sistema de usuario final. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-desktop-app-OVSfpVMj • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.1EPSS: 0%CPEs: 11EXPL: 0CVE-2020-3501 – Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3501
Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users. Múltiples vulnerabilidades en la interfaz de usuario de Cisco Webex Meetings Desktop App podrían permitir a un atacante remoto autenticado obtener información restringida de otros usuarios de Webex. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-g3zevBcp • CWE-20: Improper Input Validation •
CVSS: 4.1EPSS: 0%CPEs: 11EXPL: 0CVE-2020-3502 – Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3502
Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users. Múltiples vulnerabilidades en la interfaz de usuario de Cisco Webex Meetings Desktop App podrían permitir a un atacante remoto autenticado obtener información restringida de otros usuarios de Webex. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-g3zevBcp • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-3345 – Cisco Webex Meetings and Cisco Webex Meetings Server HTML Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-3345
A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious web sites, or the attacker could leverage this vulnerability to conduct further client-side attacks. Una vulnerabilidad en determinadas páginas web de Cisco Webex Meetings y Cisco Webex Meetings Server podría permitir a un atacante remoto no autenticado modificar una página web en el contexto de un navegador. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-html-BJ4Y9tX • CWE-20: Improper Input Validation •