"If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system." Execute arbitrary code remotely on Macs "A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system," Cisco's advisory reads. The arbitrary program execution security flaw affecting the Windows client is caused by the improper input validation of URLs supplied to impacted Cisco Webex Meetings Desktop App versions.ĬVE-2020-3263 could enable unauthenticated, remote attackers to execute programs on systems running an unpatched Cisco Webex Meetings Desktop App release. An attacker can exploit this vulnerability by tricking the target to click on a malicious URL.
Remotely execute programs on Windows systems The two vulnerabilities are tracked as CVE-2020-3263 and CVE-2020-3342, and they affect Cisco Webex Meetings Desktop App releases earlier than 39.5.12 and lockdown versions of Cisco Webex Meetings Desktop App for Mac earlier than 39.5.11, respectively. The platform also provides presentation, screen sharing, and recording capabilities.
Cisco today released security updates to address two high severity vulnerabilities found in the Cisco Webex Meetings Desktop App for Windows and macOS that could allow unprivileged attackers to run programs and code on vulnerable machines.Ĭisco Webex Meetings is an online meeting and video conferencing software that makes it easy to schedule and join meetings.
0 kommentar(er)
