The vulnerability stems from improper handling of authentication tokens by a vulnerable Webex site. Windows versions of the app are not affected.Ī second flaw (CVE-2020-3361), which ranks 8.1 out of 10 on the CVSS scale, could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. Versions of the Webex Meetings Desktop App for Mac app earlier than Release 39.5.11 are affected a fix is available in releases 39.5.11 and later.
A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the user.” “The client may fail to properly validate the cryptographic protections of the provided files before executing them as part of an update. “An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a valid Webex website,” according to Cisco’s security update. The flaw stems from an improper validation of cryptographic protections, on files that are downloaded by the application as part of a software update, according to Cisco. The most severe flaw (CVE-2020-3342) exists in the Webex Meetings Desktop App for Mac and ranks 8.8 out of 10 on the CVSS scale. It’s also investigating whether vulnerabilities affect other products. Cisco is warning of three high-severity flaws in its popular Webex web conferencing app, including one that could allow an unauthenticated attacker to remotely execute code on impacted systems.īeyond Webex, the networking giant on Wednesday also patched a slew of bugs across several products, including its small business RV routers and TelePresence Collaboration Endpoint software.
0 kommentar(er)
