Alexandros Zacharis

**Name of the Vulnerable Software and Affected Versions** Cisco Webex Meetings Server (affected versions not specified) Cisco Webex Meetings (affected versions not specified) **Description** The issue is related to the multimedia viewer feature of the software, where unsafe handling of shared content allows an attacker to bypass security protections. This could be exploited by sharing a file through the multimedia viewer feature, potentially preventing warning dialogs from appearing before files are offered to other users. The attacker must be authenticated and act remotely to exploit this issue. **Recommendations** For Cisco Webex Meetings Server, consider disabling the multimedia viewer feature until a patch is available. For Cisco Webex Meetings, restrict access to the multimedia viewer feature to minimize the risk of exploitation. As a temporary workaround, avoid sharing files through the multimedia viewer feature until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Cisco Webex Meetings and Cisco Webex Meetings Server (affected versions not specified) **Description** The issue is related to improper validation of URL paths in the application interface, allowing an unauthenticated, remote attacker to redirect users to a malicious file. This could be achieved by persuading a user to follow a specially crafted URL, enabling the attacker to include a remote file in the web UI. A successful exploit could allow the attacker to conduct further phishing or spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.