Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Webex App Client-Side Remote Code Execution Vulnerability
Vulnerability Description
A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
从非可信控制范围包含功能例程
Vulnerability Title
Cisco Webex 安全漏洞
Vulnerability Description
Cisco Webex是美国思科(Cisco)公司的一个视频会议和协作产品套件。 Cisco Webex存在安全漏洞,该漏洞源于输入验证不足,可能导致下载任意文件并执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A