Vulnerabilities > CVE-2022-20763 - Deserialization of Untrusted Data vulnerability in Cisco Webex Meetings Online Wbs42.2.11

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cisco

CWE-502

NVD

Published: 2022-04-06

Updated: 2023-11-07

Summary

A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by sending malicious login requests to the Cisco Webex Meetings service. A successful exploit could allow the attacker to inject arbitrary Java code and take arbitrary actions within the Cisco Webex Meetings application.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Webex Meetings Online Wbs42.2.1-1	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-java-MVX6crH9