Security News > 2020 > June > Cisco Webex, Router Bugs Allow Code Execution

Cisco Webex, Router Bugs Allow Code Execution
2020-06-18 16:18

Cisco is warning of three high-severity flaws in its popular Webex web conferencing app, including one that could allow an unauthenticated attacker to remotely execute code on impacted systems.

"An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site," according to Cisco's security update.

The flaw has been fixed in Cisco Webex Meetings Server Release 4.0 MR3 Security Patch 1; Cisco said customers on Cisco hosted Webex Meetings sites do not need to take any actions to receive this update.

The final Webex vulnerability exists in Cisco Webex Meetings Desktop App, which could allow an unauthenticated, remote attacker to execute programs on an affected end-user system.

Cisco said it is currently investigating the Cisco ASR 5000 Series Router, Cisco Home Node-B Gateway, Cisco IP Services Gateway and Cisco PDSN/HA Packet Data Serving Node and Home Agent to see if they are affected by the flaws.


News URL

https://threatpost.com/cisco-webex-router-code-execution/156706/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751