CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3131 – Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3131
A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cards-dos-FWzNcXPq • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-16001 – Cisco Webex Teams for Windows DLL Hijacking Vulnerability
https://notcve.org/view.php?id=CVE-2019-16001
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the vulnerable application is launched. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-teams-dll • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1939 – Cisco Webex Teams Logging Feature Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1939
A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker to cause the application to modify files and execute arbitrary commands on the system with the privileges of the targeted user. Una vulnerabilidad en el cliente Cisco Webex Teams para Windows, podría permitir a un atacante remoto no autenticado ejecutar comandos arbitrarios sobre un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-webex-teams • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-269: Improper Privilege Management •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1689 – Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2019-1689
A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920. • http://www.securityfocus.com/bid/107101 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-webx-ios-file • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 14%CPEs: 1EXPL: 0CVE-2019-1636 – Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability
https://notcve.org/view.php?id=CVE-2019-1636
A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system. • http://www.securityfocus.com/bid/106718 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •