Posts for: #Cisco Webex Meetings

Cisco Webex Meetings URL Redirection Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 4.3 Security Advisory

TL;DR 📌

A medium-severity vulnerability in Cisco Webex Meetings could allow an unauthenticated attacker to redirect users to untrusted websites. Cisco has addressed this issue, and no action is required from users.

What happened 🕵️‍♂️

A vulnerability was discovered in Cisco Webex Meetings that could allow an unauthenticated, remote attacker to redirect a targeted user to an untrusted website. This issue arose due to insufficient validation of URLs included in meeting-join links. If exploited, this could facilitate phishing attacks by misleading users into believing they were interacting with a trusted Webex environment.


Cisco Webex Meetings Cross-Site Scripting Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 5.4 Security Advisory

TL;DR 📌

A medium-severity cross-site scripting (XSS) vulnerability has been identified in Cisco Webex Meetings, allowing authenticated attackers to exploit the user profile component. Cisco has addressed this issue, and no user action is required.

What happened 🕵️‍♂️

A vulnerability in the user profile component of Cisco Webex Meetings could have allowed an authenticated, remote attacker with low privileges to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability arose due to insufficient validation of user-supplied input. An attacker could exploit this by persuading a user to click a crafted link, potentially leading to an XSS attack.


Cisco Webex Meeting Client Join Certificate Validation Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 5.4 Security Advisory

TL;DR 📌

A medium-severity vulnerability in the Cisco Webex Meeting Client could allow an unauthenticated attacker on a local network to join meetings as another user. Cisco has addressed this issue, and no user action is required.

What happened 🕵️‍♂️

A vulnerability was identified in the meeting-join functionality of Cisco Webex Meetings. This flaw could permit an unauthenticated, network-proximate attacker to impersonate a legitimate user during the meeting-join process. The vulnerability arises from issues with client certificate validation, allowing an attacker to intercept and complete a meeting-join flow if they are positioned on a local or adjacent network. Cisco has confirmed that there is no known malicious exploitation of this vulnerability.
