CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3347 – Cisco Webex Meetings Desktop App for Windows Shared Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3347
A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens that could aid the attacker in future attacks. Una vulnerabilidad en Cisco Webex Meetings Desktop App para Windows, podría permitir a un atacante local autenticado conseguir acceso a información confidencial sobre un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-NBmqM9vt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0264
https://notcve.org/view.php?id=CVE-2018-0264
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. The following client builds of Cisco WebEx Business Suite (WBS31 and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4, Cisco WebEx Business Suite (WBS32) client builds prior to T32.12, Cisco WebEx Meetings with client builds prior to T32.12, Cisco WebEx Meeting Server builds prior to 3.0 Patch 1. • http://www.securityfocus.com/bid/104073 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-war • CWE-20: Improper Input Validation •