CVE-2020-3541 – Cisco Webex Meetings Client for Windows, Webex Meetings Desktop App, and Webex Teams Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3541
A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks. Una vulnerabilidad en el componente del motor multimedia de Cisco Webex Meetings Client para Windows, Cisco Webex Meetings Desktop App para Windows, y Cisco Webex Teams para Windows, podría permitir a un atacante local autenticado conseguir acceso a información confidencial. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-media-znjfwHD6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2020-3440 – Cisco Webex Meetings Desktop App for Windows Arbitrary File Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2020-3440
A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files. Una vulnerabilidad en Cisco Webex Meetings Desktop App para Windows podría permitir a un atacante remoto no autenticado sobrescribir archivos arbitrarios en un sistema de usuario final. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-desktop-app-OVSfpVMj • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-0264
https://notcve.org/view.php?id=CVE-2018-0264
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. The following client builds of Cisco WebEx Business Suite (WBS31 and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4, Cisco WebEx Business Suite (WBS32) client builds prior to T32.12, Cisco WebEx Meetings with client builds prior to T32.12, Cisco WebEx Meeting Server builds prior to 3.0 Patch 1. • http://www.securityfocus.com/bid/104073 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-war • CWE-20: Improper Input Validation •