CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3347 – Cisco Webex Meetings Desktop App for Windows Shared Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3347
18 Jun 2020 — A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive infor... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-NBmqM9vt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2020-3342 – Cisco Webex Meetings Desktop App for Mac Update Feature Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-3342
18 Jun 2020 — A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update. An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-mac-X7vp65BL • CWE-295: Improper Certificate Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3322 – Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3322
03 Jun 2020 — A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious... • https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98269 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2020-3321 – Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3321
03 Jun 2020 — A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious... • https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98259 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3319 – Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3319
03 Jun 2020 — A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious... • https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-3194 – Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-3194
15 Apr 2020 — A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment a... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1866 – Cisco Webex Business Suite Host Header Value Integrity Vulnerability
https://notcve.org/view.php?id=CVE-2019-1866
13 Apr 2020 — Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper validation of host header values. An attacker with a privileged network position, either a man-in-the-middle or by intercepting wireless network traffic, could exploit this vulnerability to manipulate header values sent by a client to the affected application. The attacker could cause the application to use inp... • https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm98833 • CWE-284: Improper Access Control CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3126 – Cisco Webex Meetings Multimedia Viewer Vulnerability
https://notcve.org/view.php?id=CVE-2020-3126
13 Apr 2020 — vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security warning dialog boxes when a room host views shared multimedia files. An authenticated, remote attacker could exploit this vulnerability by using the host role to share files within the Multimedia sharing feature and convincing a former room host to view that file. A warning dialog normally appears cautioning user... • https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs24436 • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 7.4EPSS: 0%CPEs: 11EXPL: 0CVE-2020-3155 – Cisco Intelligent Proximity SSL Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3155
04 Mar 2020 — A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker c... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB • CWE-295: Improper Certificate Validation •
CVSS: 9.3EPSS: 0%CPEs: 12EXPL: 0CVE-2020-3128 – Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3128
04 Mar 2020 — Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a li... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player • CWE-20: Improper Input Validation •