Cisco Webex Meetings information disclosure vulnerability (CVE-2020-3347)

Summary: A flaw in the shared memory access of Cisco Webex meetings App for Desktop was reported as medium vulnerability as CVE-2020-3347. This was classified as medium by the networking giant Cisco, as only authenticated users can take the leverage of this flaw. Basically, allowed an attacker who already had authenticated access on a system … Continue reading “Cisco Webex Meetings information disclosure vulnerability (CVE-2020-3347)”

Cisco Webex Update Service Command Injection Vulnerability : CVE-2018-15442

A command injection vulnerability has been disclosed in Cisco Webex. Upon successful exploitation an attacker can execute arbitrary commands on the target machine. The vulnerability has been assigned CVE-2018-15442. The vulnerability has been named ‘WebExec‘. Cisco has addressed this issue in cisco-sa-20181024-webex-injection. The issue affects All Cisco Webex Meetings Desktop App releases prior to 33.6.0. … Continue reading “Cisco Webex Update Service Command Injection Vulnerability : CVE-2018-15442”

WebEx Arbitrary Remote Code Execution via GPC Sanitization bypass

Introduction: Cisco WebEx has millions of users who use it regularly for online meeting, web conferencing and videoconferencing. Recently a remote code execution vulnerability was discovered by Google Project Zero team, with ID – CVE-2017-6753. Similar to CVE-2017-3823, the vulnerability is described as “a design defect in the extension”. The vulnerability allows an attacker to … Continue reading “WebEx Arbitrary Remote Code Execution via GPC Sanitization bypass”

WebEx Browser Extension Remote Code Execution Vulnerability

Introduction: Cisco WebEx is used to provide on-demand , online meeting, web conferencing and videoconferencing applications. It is has millions of users across the globe. Recently a remote code execution vulnerability was discovered by Google Project Zero team, with ID – CVE-2017-3823. The bug was report on January 19 2016. It allows the WebEx extension … Continue reading “WebEx Browser Extension Remote Code Execution Vulnerability”