topic Cisco Webex App Client-Side Remote Code Execution Vulnerability in Threats https://community.isc2.org/t5/Threats/Cisco-Webex-App-Client-Side-Remote-Code-Execution-Vulnerability/m-p/78939#M1601 <P>Dear All,</P><P>&nbsp;</P><P>A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user.<BR /><BR /></P><P>This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user.<BR /><BR /></P><P>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<BR /><BR /><A href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-client-rce-ufyMMYLC" target="_blank" rel="noopener">Cisco Webex App Client-Side Remote Code Execution Vulnerability</A></P><P>&nbsp;</P><P>&nbsp;</P> Fri, 18 Apr 2025 15:41:40 GMT Kyaw_Myo_Oo 2025-04-18T15:41:40Z Cisco Webex App Client-Side Remote Code Execution Vulnerability https://community.isc2.org/t5/Threats/Cisco-Webex-App-Client-Side-Remote-Code-Execution-Vulnerability/m-p/78939#M1601 <P>Dear All,</P><P>&nbsp;</P><P>A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user.<BR /><BR /></P><P>This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user.<BR /><BR /></P><P>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<BR /><BR /><A href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-client-rce-ufyMMYLC" target="_blank" rel="noopener">Cisco Webex App Client-Side Remote Code Execution Vulnerability</A></P><P>&nbsp;</P><P>&nbsp;</P> Fri, 18 Apr 2025 15:41:40 GMT https://community.isc2.org/t5/Threats/Cisco-Webex-App-Client-Side-Remote-Code-Execution-Vulnerability/m-p/78939#M1601 Kyaw_Myo_Oo 2025-04-18T15:41:40Z Re: Cisco Webex App Client-Side Remote Code Execution Vulnerability https://community.isc2.org/t5/Threats/Cisco-Webex-App-Client-Side-Remote-Code-Execution-Vulnerability/m-p/78940#M1602 Thank you! Fri, 18 Apr 2025 17:38:38 GMT https://community.isc2.org/t5/Threats/Cisco-Webex-App-Client-Side-Remote-Code-Execution-Vulnerability/m-p/78940#M1602 akkem 2025-04-18T17:38:38Z