CVSS: 5.4EPSS: 0%CPEs: 44EXPL: 0CVE-2024-20396
https://notcve.org/view.php?id=CVE-2024-20396
17 Jul 2024 — A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 94EXPL: 0CVE-2024-20395
https://notcve.org/view.php?id=CVE-2024-20395
17 Jul 2024 — A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileg... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j • CWE-523: Unprotected Transport of Credentials •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20863 – Cisco Webex Meetings App Character Interface Manipulation Vulnerability
https://notcve.org/view.php?id=CVE-2022-20863
08 Sep 2022 — A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character rendering. An attacker could exploit this vulnerability by sending messages within the application interface. A successful exploit could allow the attacker to modify the display of links or other content within the inte... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-qrtO6YC2 • CWE-450: Multiple Interpretations of UI Input •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-1536 – Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1536
04 Jun 2021 — A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-dll-inject-XNmcSGTU • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-1502 – Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-1502
04 Jun 2021 — A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit the vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-dOJ2jOJ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1242 – Cisco Webex Teams Shared File Manipulation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1242
13 Jan 2021 — A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks. Un... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99 • CWE-450: Multiple Interpretations of UI Input •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3535 – Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability
https://notcve.org/view.php?id=CVE-2020-3535
08 Oct 2020 — A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. The vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-dll-drsnH5AN • CWE-427: Uncontrolled Search Path Element •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2020-3541 – Cisco Webex Meetings Client for Windows, Webex Meetings Desktop App, and Webex Teams Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3541
04 Sep 2020 — A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-media-znjfwHD6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1689 – Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2019-1689
25 Feb 2019 — A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of ... • http://www.securityfocus.com/bid/107101 • CWE-20: Improper Input Validation •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0436 – Cisco Webex Teams Information Disclosure and Modification Vulnerability
https://notcve.org/view.php?id=CVE-2018-0436
05 Oct 2018 — A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify dat... • http://www.securityfocus.com/bid/105301 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •