Vulnslist

find the latest Cisco vulnerabilities

Cisco Webex Meetings App Character Interface Manipulation Vulnerability

cisco-sa-webex-app-qrtO6YC2 · Medium · Published · Updated

A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character rendering. An attacker could exploit this vulnerability by sending messages within the application interface. A successful exploit could allow the attacker to modify the display of links or other content within the interface, potentially allowing the attacker to conduct phishing or spoofing attacks. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-qrtO6YC2

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2022-20863
Cisco Bug IDsCSCwb85392
CVSS ScoreBase 4.3
Base 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Webex App, Cisco Webex Meetings Desktop App

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2022-20863 Cisco OpenVuln
Cisco Meraki MS Series Switches CVE-2022-20863 Cisco OpenVuln
Cisco Webex Meetings Desktop App CVE-2022-20863 Cisco OpenVuln
Cisco Webex Meetings CVE-2022-20863 Cisco OpenVuln
Cisco Webex App CVE-2022-20863 Cisco OpenVuln