Guest

Preview Tool

Cisco Bug: CSCvt75616 - Cisco Webex Meetings and Cisco Webex Meetings Server HTML Injection Vulnerability

Last Modified

Jul 20, 2020

Products (1)

  • Cisco Webex Meetings Server

Known Affected Releases

4.0.MRS.3237

Description (partial)

Symptom:
A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser.

The vulnerability is due to improper checks on parameter values within affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious web sites, or the attacker could leverage this vulnerability to conduct further client-side attacks.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-html-BJ4Y9tX

Conditions:
At the time of publication, this vulnerability affected Cisco Webex Meetings releases earlier than Release 40.6.0 and Cisco Webex Meetings Server releases earlier than Release 4.0 MR3.

At the time of publication, Cisco Webex Meetings releases 40.6.0 and later and Cisco Webex Meetings Server releases 4.0 MR3 and later contained the fix for this vulnerability.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.