Guest

Preview Tool

Cisco Bug: CSCzu78401 - Cisco WebEx Meeting Center Site Redirection Vulnerability

Last Modified

Mar 04, 2020

Products (1)

  • Cisco Webex Meetings

Known Affected Releases

T28.1 T29 T30 T31

Description (partial)

Symptom:
A vulnerability in a specific URL parameter of Cisco WebEx could allow an unauthenticated, remote attacker to perform site redirection.
 
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including a desired remote site URL in the affected parameter of the Cisco WebEx URL. An exploit could allow the attacker to redirect a user to a malicious website.
 
To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.

Conditions:
A Cisco WebEx Meeting Center running a release prior to T28, or any releases that have not had the ?Enforce BACKURL Domain Names? selection checked.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.