Cisco Webex, Router Bugs Allow Code Execution

2020-06-18 16:18

Cisco is warning of three high-severity flaws in its popular Webex web conferencing app, including one that could allow an unauthenticated attacker to remotely execute code on impacted systems.

"An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site," according to Cisco's security update.

The flaw has been fixed in Cisco Webex Meetings Server Release 4.0 MR3 Security Patch 1; Cisco said customers on Cisco hosted Webex Meetings sites do not need to take any actions to receive this update.

The final Webex vulnerability exists in Cisco Webex Meetings Desktop App, which could allow an unauthenticated, remote attacker to execute programs on an affected end-user system.

Cisco said it is currently investigating the Cisco ASR 5000 Series Router, Cisco Home Node-B Gateway, Cisco IP Services Gateway and Cisco PDSN/HA Packet Data Serving Node and Home Agent to see if they are affected by the flaws.

News URL

https://threatpost.com/cisco-webex-router-code-execution/156706/

#cisco #codeexecution #router #webex

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		4500	241	3143	1879	617	5880