CVE-2021-1242 – Cisco Webex Teams Shared File Manipulation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1242
A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks. Una vulnerabilidad en Cisco Webex Teams, podría permitir a un atacante remoto no autenticado manipular nombres de archivos dentro de la interfaz de mensajería. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99 • CWE-450: Multiple Interpretations of UI Input •
CVE-2020-3471 – Cisco Webex Meetings and Cisco Webex Meetings Server Unauthorized Audio Information Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3471
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled. Una vulnerabilidad en Cisco Webex Meetings y Cisco Webex Meetings Server, podría permitir a un atacante remoto no autenticado mantener el audio bidireccional a pesar de haber sido expulsado de una sesión Webex activa. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-info-leak-PhpzB3sG • CWE-20: Improper Input Validation CWE-662: Improper Synchronization •
CVE-2020-3441 – Cisco Webex Meetings and Cisco Webex Meetings Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3441
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby. Una vulnerabilidad en Cisco Webex Meetings y Cisco Webex Meetings Server, podría permitir a un atacante remoto no autenticado visualizar información confidencial desde el lobby de la sala de reuniones. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-infodisc-4tvQzn4 • CWE-20: Improper Input Validation •
CVE-2020-3419 – Cisco Webex Meetings and Cisco Webex Meetings Server Ghost Join Vulnerability
https://notcve.org/view.php?id=CVE-2020-3419
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-auth-token-3vg57A5r • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVE-2020-27126 – Cisco Webex Meetings API Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2020-27126
A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targeted user to follow a link designed to submit malicious input to the API used by Cisco Webex Meetings. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information from the system of a targeted user. Una vulnerabilidad en una API de Cisco Webex Meetings, podría permitir a un atacante remoto no autenticado conducir ataques de tipo cross-site scripting. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-meetings-xss-MX56prER • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •