CVE-2020-3182 – Cisco Webex Meetings Client for MacOS Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3182
A vulnerability in the multicast DNS (mDNS) protocol configuration of Cisco Webex Meetings Client for MacOS could allow an unauthenticated adjacent attacker to obtain sensitive information about the device on which the Webex client is running. The vulnerability exists because sensitive information is included in the mDNS reply. An attacker could exploit this vulnerability by doing an mDNS query for a particular service against an affected device. A successful exploit could allow the attacker to gain access to sensitive information. Una vulnerabilidad en la configuración del protocolo DNS multidifusión (mDNS) de Cisco Webex Meetings Client para MacOS, podría permitir a un atacante adyacente no autenticado obtener información confidencial sobre el dispositivo en el que se ejecuta el cliente Webex. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-info-disc-OHqg982 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-15960 – Cisco Webex Network Recording Admin Page Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-15960
A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be logged in as a low-level administrator. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by submitting a crafted URL request to gain privileged access in the context of the affected page. A successful exploit could allow the attacker to elevate privileges in the Webex Recording Admin page, which could allow them to view or delete recordings that they would not normally be able to access. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wbs-privilege • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2018-0264
https://notcve.org/view.php?id=CVE-2018-0264
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. The following client builds of Cisco WebEx Business Suite (WBS31 and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4, Cisco WebEx Business Suite (WBS32) client builds prior to T32.12, Cisco WebEx Meetings with client builds prior to T32.12, Cisco WebEx Meeting Server builds prior to 3.0 Patch 1. • http://www.securityfocus.com/bid/104073 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-war • CWE-20: Improper Input Validation •