CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco » Webex Meetings Server » 2.6.0 : Security Vulnerabilities

Cpe Name:cpe:/a:cisco:webex_meetings_server:2.6.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1954 601 2019-08-08 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.
2 CVE-2019-1773 119 Exec Code Overflow 2019-05-15 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
3 CVE-2017-12359 119 Exec Code Overflow 2017-11-30 2017-12-15
4.3
None Remote Medium Not required None None Partial
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could allow arbitrary code execution on the system of the targeted user. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCve10729, CSCve10771, CSCve10779, CSCve11521, CSCve11543.
4 CVE-2017-6753 119 Exec Code Overflow 2017-07-25 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037.
5 CVE-2017-6651 200 +Info 2017-05-16 2017-07-07
5.0
None Remote Low Not required Partial None None
A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950.
6 CVE-2017-3880 287 Bypass 2017-03-17 2017-07-11
6.4
None Remote Low Not required Partial Partial None
An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1 Orion1.1.2.patch T29_orion_merge.
7 CVE-2017-3796 78 Exec Code 2017-01-26 2017-07-25
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6.
8 CVE-2017-3795 287 2017-01-26 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12.
9 CVE-2017-3794 352 CSRF 2017-01-26 2017-07-25
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12.
10 CVE-2016-1484 20 Bypass +Info 2016-08-22 2017-08-15
5.0
None Remote Low Not required Partial None None
Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724.
11 CVE-2016-1483 20 DoS 2016-09-18 2017-07-29
7.8
None Remote Low Not required None None Complete
Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID CSCuy92704.
12 CVE-2016-1482 78 Exec Code 2016-09-17 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130.
13 CVE-2016-1450 20 2016-07-15 2017-08-31
6.0
None Remote Medium Single system Partial Partial Partial
Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715.
14 CVE-2016-1449 79 XSS 2016-07-15 2017-08-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711.
15 CVE-2016-1447 79 XSS 2016-07-15 2017-08-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuy83194.
16 CVE-2016-1446 89 Exec Code Sql 2016-07-15 2017-08-31
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200.
17 CVE-2016-1389 2016-04-28 2016-12-02
4.3
None Remote Medium Not required None Partial None
Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695.
Total number of vulnerabilities : 17   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.