

Cisco today released security updates to address two high severity vulnerabilities found in the Cisco Webex Meetings Desktop App for Windows and macOS that could allow unprivileged attackers to run programs and code on vulnerable machines.

Cisco Webex Meetings is an online meeting and video conferencing software that makes it easy to schedule and join meetings. The platform also provides presentation, screen sharing, and recording capabilities.

The two vulnerabilities are tracked as CVE-2020-3263 and CVE-2020-3342, and they affect Cisco Webex Meetings Desktop App releases earlier than 39.5.12 and lockdown versions of Cisco Webex Meetings Desktop App for Mac earlier than 39.5.11, respectively.

Remotely execute programs on Windows systems

The arbitrary program execution security flaw affecting the Windows client is caused by the improper input validation of URLs supplied to impacted Cisco Webex Meetings Desktop App versions.

CVE-2020-3263 could enable unauthenticated, remote attackers to execute programs on systems running an unpatched Cisco Webex Meetings Desktop App release. An attacker can exploit this vulnerability by tricking the target to click on a malicious URL.

"A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system," Cisco's advisory reads. "If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system."

Execute arbitrary code remotely on Macs

The remote code execution vulnerability found in the macOS client is due to improper certificate validation on software update files downloaded by affected Cisco Webex Meetings Desktop App for Mac releases.

CVE-2020-3342 could make it possible for unauthenticated attackers to remotely execute arbitrary code with the privileges of the user logged on Macs running unpatched versions of Cisco Webex Meetings Desktop App for Mac.

"An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a valid Webex website," Cisco explains.
