8 results (0.003 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character rendering. An attacker could exploit this vulnerability by sending messages within the application interface. A successful exploit could allow the attacker to modify the display of links or other content within the interface, potentially allowing the attacker to conduct phishing or spoofing attacks. Una vulnerabilidad en la interfaz de mensajería de la aplicación Cisco Webex, anteriormente Webex Teams, podría permitir a un atacante remoto no autenticado manipular enlaces u otro contenido dentro de la interfaz de mensajería. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-qrtO6YC2 • CWE-450: Multiple Interpretations of UI Input •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks. Una vulnerabilidad en Cisco Webex Teams, podría permitir a un atacante remoto no autenticado manipular nombres de archivos dentro de la interfaz de mensajería. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99 • CWE-450: Multiple Interpretations of UI Input •

CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0

A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks. Una vulnerabilidad en el componente del motor multimedia de Cisco Webex Meetings Client para Windows, Cisco Webex Meetings Desktop App para Windows, y Cisco Webex Teams para Windows, podría permitir a un atacante local autenticado conseguir acceso a información confidencial. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-media-znjfwHD6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cards-dos-FWzNcXPq • CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker to cause the application to modify files and execute arbitrary commands on the system with the privileges of the targeted user. Una vulnerabilidad en el cliente Cisco Webex Teams para Windows, podría permitir a un atacante remoto no autenticado ejecutar comandos arbitrarios sobre un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-webex-teams • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-269: Improper Privilege Management •