CVSS: 6.5EPSS: 0%CPEs: 408EXPL: 0CVE-2020-26140 – kernel: accepting plaintext data frames in protected networks
https://notcve.org/view.php?id=CVE-2020-26140
11 May 2021 — An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. Se detectó un problema en el controlador ALFA de Windows 10 versión 6.1316.1209 para AWUS036H. Las implementaciones WEP, WPA, WPA2 y WPA3 aceptan tramas de texto plano en una red Wi-Fi protegida. • http://www.openwall.com/lists/oss-security/2021/05/11/12 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-346: Origin Validation Error •
CVSS: 3.1EPSS: 0%CPEs: 338EXPL: 1CVE-2020-24587 – kernel: Reassembling fragments encrypted under different keys
https://notcve.org/view.php?id=CVE-2020-24587
11 May 2021 — The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que todos los fragmentos d... • http://www.openwall.com/lists/oss-security/2021/05/11/12 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 4.3EPSS: 0%CPEs: 385EXPL: 1CVE-2020-24588 – kernel: wifi frame payload being parsed incorrectly as an L2 frame
https://notcve.org/view.php?id=CVE-2020-24588
11 May 2021 — The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que el flag A-MSDU ... • http://www.openwall.com/lists/oss-security/2021/05/11/12 • CWE-20: Improper Input Validation CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1467 – Cisco Webex Meetings for Android Avatar Modification Vulnerability
https://notcve.org/view.php?id=CVE-2021-1467
08 Apr 2021 — A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to the Cisco Webex Meetings client of a targeted user of a meeting in which they are both participants. A successful exploit could allow the attacker to modify the avatar of the targeted user. Una vulnerabilidad en Cisco Webex Meetings para A... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-andro-iac-f3UR8frB • CWE-284: Improper Access Control •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1420 – Cisco Webex Meetings HTML Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1420
08 Apr 2021 — A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to pot... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-VObwRKWV • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1351 – Cisco Webex Meetings Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2021-1351
17 Feb 2021 — A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-Lz6HbGCt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1372 – Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows Shared Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1372
17 Feb 2021 — A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to ret... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wda-pt-msh-6LWOcZ5 • CWE-202: Exposure of Sensitive Information Through Data Queries •
CVSS: 4.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-1221 – Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1221
04 Feb 2021 — A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. B... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wbx-linkinj-WWZpVqu9 • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1310 – Cisco Webex Meetings Open Redirect Vulnerability
https://notcve.org/view.php?id=CVE-2021-1310
13 Jan 2021 — A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-open-redirect-PWvBQ2q • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2021-1311 – Cisco Webex Meetings and Cisco Webex Meetings Server Host Key Brute Forcing Vulnerability
https://notcve.org/view.php?id=CVE-2021-1311
13 Jan 2021 — A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-brutef-hostkey-FWRMxVF • CWE-307: Improper Restriction of Excessive Authentication Attempts •