CVE-2021-1503 – Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-1503
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. Una vulnerabilidad en Cisco Webex Network Recording Player para Windows y MacOS y Cisco Webex Player para Windows y MacOS, podría permitir a un atacante ejecutar código arbitrario en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-rCFDeVj2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2021-1502 – Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-1502
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit the vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. Una vulnerabilidad en Cisco Webex Network Recording Player para Windows y MacOS y Cisco Webex Player para Windows y MacOS podría permitir a un atacante ejecutar código arbitrario en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-dOJ2jOJ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2021-1467 – Cisco Webex Meetings for Android Avatar Modification Vulnerability
https://notcve.org/view.php?id=CVE-2021-1467
A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to the Cisco Webex Meetings client of a targeted user of a meeting in which they are both participants. A successful exploit could allow the attacker to modify the avatar of the targeted user. Una vulnerabilidad en Cisco Webex Meetings para Android podría permitir a un atacante remoto autenticado modificar el avatar de otro usuario. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-andro-iac-f3UR8frB • CWE-284: Improper Access Control •
CVE-2021-1420 – Cisco Webex Meetings HTML Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1420
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Una vulnerabilidad en determinadas páginas web de Cisco Webex Meetings, podría permitir a un atacante remoto no autenticado modificar una página web en el contexto del navegador de un usuario. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-VObwRKWV • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2021-1351 – Cisco Webex Meetings Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2021-1351
A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Una vulnerabilidad en la interfaz basada en web de Cisco Webex Meetings, podría permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz basada en web del servicio afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-Lz6HbGCt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •