Severity Rating: High

Software Affected
Cisco Webex Meetings Desktop App for Mac releases prior to Release 39.5.11.
Cisco Webex Meetings Desktop App releases prior to Release 39.5.12.

Overview
A vulnerability has been reported in the software update feature of Cisco
Webex Meetings Desktop App which could allow an unauthenticated, remote
attacker to execute arbitrary code and programs on an affected system.

Description
1. Code Execution Vulnerability in Cisco Webex Meetings Desktop App for Mac
(CVE-2020-3342)
A vulnerability exists in the software update feature of Cisco Webex
Meetings Desktop App for Mac due to improper validation of cryptographic
protections on files that are downloaded by the application as part of a
software update, which could allow an attacker to execute arbitrary code on
an affected system. An attacker could exploit this vulnerability by persuading
a user to go to a website that returns files to the client that are similar
to files that are returned from a valid Webex website. The client may fail
to properly validate the cryptographic protections of the provided files
before executing them as part of an update.

Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary code on the affected system with the privileges of the
user.
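
The check an update client has to make before it runs a downloaded file, as an added example (not Cisco's code and not part of the original advisory): a detached signature is verified against a vendor public key, and anything that fails is rejected. The key pair, file names and payloads are constructed for the demo, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example. Key pair, file names and payloads are constructed for the demo.

# verify_update FILE SIG PUBKEY: succeeds only if SIG is a valid signature over FILE.
# PUBKEY must be the key shipped with the installed client, never one downloaded
# alongside the update.
verify_update() {
    # Fail closed: a missing file, empty signature or missing key is a rejection.
    [ -f "$1" ] && [ -s "$2" ] && [ -f "$3" ] || return 1
    openssl dgst -sha256 -verify "$3" -signature "$2" "$1" >/dev/null 2>&1
}

# install_update FILE SIG PUBKEY: the payload is used only after verification.
install_update() {
    if verify_update "$1" "$2" "$3"; then
        echo "verified, handing $1 to the installer" >&2   # installer call goes here
        return 0
    fi
    echo "rejected $1: signature check failed" >&2
    return 1
}

demo() {
    d=$(mktemp -d) || return 2
    # Vendor side (constructed): P-256 signing key, public key, signed update.
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/vendor.key" 2>/dev/null
    openssl pkey -in "$d/vendor.key" -pubout -out "$d/vendor.pub" 2>/dev/null
    printf 'genuine update payload\n' > "$d/update.pkg"
    openssl dgst -sha256 -sign "$d/vendor.key" -out "$d/update.sig" "$d/update.pkg"
    # Look-alike file delivered with the genuine signature (constructed).
    printf 'look-alike update payload\n' > "$d/lookalike.pkg"

    results=
    for c in "update.pkg update.sig" "lookalike.pkg update.sig" "update.pkg none.sig"; do
        set -- $c
        if install_update "$d/$1" "$d/$2" "$d/vendor.pub"; then
            results="${results:+$results }accepted"
        else
            results="${results:+$results }rejected"
        fi
    done
    rm -rf "$d"
    echo "$results"
}

demo
```

Only the genuine file with its own signature is accepted; the look-alike file and the file with no signature are both rejected before any installer step runs.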

2. Program Execution Vulnerability in Cisco Webex Meetings Desktop App
(CVE-2020-3263)
A vulnerability exists in Cisco Webex Meetings Desktop App due to improper
validation of input that is supplied to application URLs, which could allow
an attacker to execute programs on an affected end-user system. An
attacker could exploit this vulnerability by persuading a user to follow a
malicious URL.

Successful exploitation of this vulnerability could allow the attacker to
cause the application to execute programs and arbitrary code on the
affected system.

Solution
Apply appropriate updates as mentioned in:


Vendor Information
CISCO


Reference
CISCO


CVE Name
(CVE-2020-3342)
(CVE-2020-3263)

About Cert Advisory

We have created this blog to provide the latest security advisories from the India CERT for the security vulnerabilities, threats, attacks and patching required to mitigate any kind of cyber attack.


© Copyright 2020. Ud64
