Many modern workplaces today have a mix of different vendors across their collaboration and extended productivity portfolios, making interoperability and integrations crucial to enable and retain work productivity. Table 1 outlines the features and benefits of the Webex Video Integration for Microsoft Teams within an organization. These actions could include joining meetings or assistance sessions, create a test, schedule a training session, and modify a meeting registration form.ĬVSS:3.Use your Cisco Webex Rooms or other SIP devices to join CVI-enabled Microsoft Teams (typically your own company’s meetings).
A successful exploit could allow the attacker to perform arbitrary actions in the context of the affected interface with the privileges of the targeted user. An attacker could exploit this vulnerability by persuading a user to click a malicious link. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. There are no workarounds that address this vulnerability.ĬVSS Vector:CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NĬVE-2023-20180: Cisco Webex Meetings Cross-Site Request Forgery VulnerabilityĪ vulnerability in the web UI of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a CSRF attack against a user.
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Ĭisco has released software updates that address this vulnerability. This vulnerability is due to insufficient validation of user-supplied input in Webex Events (classic) programs, email templates, and survey questions. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerability.ĭetails about the vulnerabilities are as follows:ĬVE-2023-20133: Cisco Webex Meetings Stored Cross-Site Scripting VulnerabilityĪ vulnerability in the web UI of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored XSS attack against a user.
Exploitation of one of the vulnerabilities is not required to exploit the other vulnerability. The vulnerabilities are not dependent on one another.
0 kommentar(er)
