cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-20255,https://securityvulnerability.io/vulnerability/CVE-2023-20255,Denial of Service Vulnerability in Cisco Meeting Server Web Bridge,"A vulnerability within the API of the Web Bridge feature of Cisco Meeting Server allows unauthenticated remote attackers to disrupt service by exploiting insufficient validation of HTTP requests. By sending specially crafted HTTP packets to the affected device, an attacker can initiate a denial of service (DoS) condition. This could lead to interruptions in ongoing video calls, as the invalid packets cause instability within the Web Bridge, potentially dropping active connections and affecting overall service availability.",Cisco,Cisco Meeting Server,5.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2023-11-01T18:15:00.000Z,0
CVE-2021-40122,https://securityvulnerability.io/vulnerability/CVE-2021-40122,Cisco Meeting Server Call Bridge Denial of Service Vulnerability,"A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. An attacker could exploit this vulnerability by sending a series of messages to the vulnerable API. A successful exploit could allow the attacker to cause the affected device to reload, dropping all ongoing calls and resulting in a DoS condition.",Cisco,Cisco Meeting Server,5.9,MEDIUM,0.0015899999998509884,false,,false,false,true,2024-08-04T03:16:55.000Z,,false,false,,2021-10-21T03:15:00.000Z,0
CVE-2021-1524,https://securityvulnerability.io/vulnerability/CVE-2021-1524,Cisco Meeting Server API Denial of Service Vulnerability,"A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this vulnerability by sending a malicious request to the API. A successful exploit could allow the attacker to cause all participants on a call to be disconnected, resulting in a DoS condition.",Cisco,Cisco Meeting Server,4.3,MEDIUM,0.0010100000072270632,false,,false,false,true,2024-08-03T17:15:59.000Z,,false,false,,2021-06-16T00:00:00.000Z,0
CVE-2021-1517,https://securityvulnerability.io/vulnerability/CVE-2021-1517,Cisco Webex Meetings and Webex Meetings Server Multimedia Sharing Security Bypass Vulnerability,"A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer feature. An attacker could exploit this vulnerability by sharing a file through the multimedia viewer feature. A successful exploit could allow the attacker to bypass security protections and prevent warning dialogs from appearing before files are offered to other users.",Cisco,Cisco Webex Meetings Server,5,MEDIUM,0.0007300000288523734,false,,false,false,true,2024-08-03T17:15:59.000Z,,false,false,,2021-06-04T17:15:00.000Z,0
CVE-2021-1525,https://securityvulnerability.io/vulnerability/CVE-2021-1525,Cisco Webex Meetings and Webex Meetings Server File Redirect Vulnerability,"A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. This vulnerability is due to improper validation of URL paths in the application interface. An attacker could exploit this vulnerability by persuading a user to follow a specially crafted URL that is designed to cause Cisco Webex Meetings to include a remote file in the web UI. A successful exploit could allow the attacker to cause the application to offer a remote file to a user, which could allow the attacker to conduct further phishing or spoofing attacks.",Cisco,Cisco Webex Meetings Server,4.7,MEDIUM,0.001230000052601099,false,,false,false,true,2024-08-03T17:15:59.000Z,,false,false,,2021-06-04T17:15:00.000Z,0
CVE-2021-1221,https://securityvulnerability.io/vulnerability/CVE-2021-1221,Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability,"A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link.",Cisco,Cisco Webex Meetings Server,4.1,MEDIUM,0.0007099999929778278,false,,false,false,true,2024-08-03T17:15:45.000Z,,false,false,,2021-02-04T17:15:00.000Z,0
CVE-2021-1311,https://securityvulnerability.io/vulnerability/CVE-2021-1311,Cisco Webex Meetings and Cisco Webex Meetings Server Host Key Brute Forcing Vulnerability,"A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting.",Cisco,Cisco Webex Meetings Server,5.4,MEDIUM,0.0009699999936856329,false,,false,false,true,2024-08-03T17:15:49.000Z,,false,false,,2021-01-13T00:00:00.000Z,0
CVE-2020-3419,https://securityvulnerability.io/vulnerability/CVE-2020-3419,Cisco Webex Meetings and Cisco Webex Meetings Server Ghost Join Vulnerability,"A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities.",Cisco,Cisco Webex Meetings Server,6.5,MEDIUM,0.004490000195801258,false,,false,false,true,2024-08-04T08:16:39.000Z,,false,false,,2020-11-18T00:00:00.000Z,0
CVE-2020-3471,https://securityvulnerability.io/vulnerability/CVE-2020-3471,Cisco Webex Meetings and Cisco Webex Meetings Server Unauthorized Audio Information Exposure Vulnerability,"A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled.",Cisco,Cisco Webex Meetings Server,6.5,MEDIUM,0.003160000080242753,false,,false,false,true,2024-08-04T08:16:42.000Z,,false,false,,2020-11-18T00:00:00.000Z,0
CVE-2020-3441,https://securityvulnerability.io/vulnerability/CVE-2020-3441,Cisco Webex Meetings and Cisco Webex Meetings Server Information Disclosure Vulnerability,"A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby.",Cisco,Cisco Webex Meetings Server,5.3,MEDIUM,0.0013599999947473407,false,,false,false,true,2024-08-04T08:16:40.000Z,,false,false,,2020-11-18T00:00:00.000Z,0
CVE-2020-3345,https://securityvulnerability.io/vulnerability/CVE-2020-3345,Cisco Webex Meetings and Cisco Webex Meetings Server HTML Injection Vulnerability,"A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious web sites, or the attacker could leverage this vulnerability to conduct further client-side attacks.",Cisco,Cisco Webex Meetings Server,4.3,MEDIUM,0.001230000052601099,false,,false,false,true,2024-08-04T08:16:36.000Z,,false,false,,2020-07-16T18:15:00.000Z,0
CVE-2020-3347,https://securityvulnerability.io/vulnerability/CVE-2020-3347,Cisco Webex Meetings Desktop App for Windows Shared Memory Information Disclosure Vulnerability,"A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens that could aid the attacker in future attacks.",Cisco,Cisco Webex Meetings Server,5.5,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-04T08:16:36.000Z,,false,false,,2020-06-18T03:15:00.000Z,0
CVE-2020-3361,https://securityvulnerability.io/vulnerability/CVE-2020-3361,Cisco Webex Meetings and Cisco Webex Meetings Server Token Handling Unauthorized Access Vulnerability,"A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site.",Cisco,Cisco Webex Meetings Server,8.1,HIGH,0.007619999814778566,false,,false,false,true,2024-08-04T08:16:37.000Z,,false,false,,2020-06-18T03:15:00.000Z,0
CVE-2020-3263,https://securityvulnerability.io/vulnerability/CVE-2020-3263,Cisco Webex Meetings Desktop App URL Filtering Arbitrary Program Execution Vulnerability,"A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by persuading a user to follow a malicious URL. A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system. If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system.",Cisco,Cisco Webex Meetings Server,7.5,HIGH,0.0023499999660998583,false,,false,false,true,2024-08-04T08:16:32.000Z,,false,false,,2020-06-18T03:15:00.000Z,0
CVE-2020-3342,https://securityvulnerability.io/vulnerability/CVE-2020-3342,Cisco Webex Meetings Desktop App for Mac Update Feature Code Execution Vulnerability,"A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update. An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a valid Webex website. The client may fail to properly validate the cryptographic protections of the provided files before executing them as part of an update. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the user.",Cisco,Cisco Webex Meetings Server,8.8,HIGH,0.005309999920427799,false,,false,false,true,2024-08-04T08:16:36.000Z,,false,false,,2020-06-18T03:15:00.000Z,0
CVE-2020-3160,https://securityvulnerability.io/vulnerability/CVE-2020-3160,Cisco Meeting Server Extensible Messaging and Presence Protocol Denial of Service Vulnerability,"A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation of XMPP packets. An attacker could exploit this vulnerability by sending crafted XMPP packets to an affected device. An exploit could allow the attacker to cause process crashes and a DoS condition for XMPP conferencing applications.",Cisco,Cisco Meeting Server,5.3,MEDIUM,0.001500000013038516,false,,false,false,true,2024-08-04T08:16:27.000Z,,false,false,,2020-02-19T00:00:00.000Z,0
CVE-2019-1954,https://securityvulnerability.io/vulnerability/CVE-2019-1954,Cisco Webex Meetings Server Open Redirection Vulnerability,"A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.",Cisco,Cisco Webex Meetings Server,4.3,MEDIUM,0.001230000052601099,false,,false,false,true,2024-08-04T19:16:20.000Z,,false,false,,2019-08-08T08:15:00.000Z,0
CVE-2019-1623,https://securityvulnerability.io/vulnerability/CVE-2019-1623,Cisco Meeting Server CLI Command Injection Vulnerability,"A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability by injecting crafted arguments during command execution. A successful exploit could allow the attacker to perform arbitrary code execution as root on an affected product.",Cisco,Cisco Meeting Server,6.7,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-04T19:16:01.000Z,,false,false,,2019-06-20T03:15:00.000Z,0
CVE-2019-1868,https://securityvulnerability.io/vulnerability/CVE-2019-1868,Cisco Webex Meetings Server Information Disclosure Vulnerability,"A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to access sensitive system information.",Cisco,Cisco Webex Meetings Server,5.3,MEDIUM,0.0024300001095980406,false,,false,false,true,2024-08-04T19:16:15.000Z,,false,false,,2019-06-05T00:00:00.000Z,0
CVE-2019-1676,https://securityvulnerability.io/vulnerability/CVE-2019-1676,Cisco Meeting Server SIP Processing Denial of Service Vulnerability,"A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the CMS call bridge. An exploit could allow the attacker to cause the CMS to reload, causing a DoS condition for all connected clients. Versions prior to 2.3.9 are affected.",Cisco,Cisco Meeting Server,6.8,MEDIUM,0.0013299999991431832,false,,false,false,true,2024-08-04T19:16:04.000Z,,false,false,,2019-02-08T18:29:00.000Z,0
CVE-2019-1678,https://securityvulnerability.io/vulnerability/CVE-2019-1678,Cisco Meeting Server Denial of Service Vulnerability,"A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces configuration parameters. An attacker could exploit this vulnerability by inserting crafted strings in specific coSpace parameters. An exploit could allow the attacker to prevent clients from joining a conference call in the affected coSpace. Versions prior to 2.4.3 are affected.",Cisco,Cisco Meeting Server,4.3,MEDIUM,0.0012100000167265534,false,,false,false,true,2024-08-04T19:16:04.000Z,,false,false,,2019-02-07T20:29:00.000Z,0
CVE-2019-1655,https://securityvulnerability.io/vulnerability/CVE-2019-1655,Cisco Webex Meetings Server Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Webex Meetings Server,6.1,MEDIUM,0.0007099999929778278,false,,false,false,true,2024-08-04T19:16:02.000Z,,false,false,,2019-01-24T16:29:00.000Z,0
CVE-2018-15446,https://securityvulnerability.io/vulnerability/CVE-2018-15446,Cisco Meeting Server Information Disclosure Vulnerability,"A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by sending meeting requests to an affected system. A successful exploit could allow the attacker to determine the values of meeting room unique identifiers, possibly allowing the attacker to conduct further exploits.",Cisco,Cisco Meeting Server,5.3,MEDIUM,0.0015999999595806003,false,,false,false,true,2024-08-05T10:17:52.000Z,,false,false,,2018-11-08T18:29:00.000Z,0
CVE-2018-0439,https://securityvulnerability.io/vulnerability/CVE-2018-0439,Cisco Meeting Server Cross-Site Request Forgery Vulnerability,"A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.",Cisco,Cisco Meeting Server,8.8,HIGH,0.0022299999836832285,false,,false,false,false,,,false,false,,2018-10-05T14:29:00.000Z,0
CVE-2018-0371,https://securityvulnerability.io/vulnerability/CVE-2018-0371,,"A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Web Admin Interface of an affected Cisco Meeting Server. A successful exploit could allow the attacker to restart the system, terminating all ongoing calls and resulting in a DoS condition on the affected product. This vulnerability affects the following releases of Cisco Meeting Server: Acano X-Series, Cisco Meeting Server 1000, Cisco Meeting Server 2000. Cisco Bug IDs: CSCvi48624.",Cisco,Cisco Meeting Server Unknown,6.5,MEDIUM,0.0016499999910593033,false,,false,false,false,,,false,false,,2018-06-21T11:00:00.000Z,0