CVE-2019-1689

Name of the Vulnerable Software and Affected Versions Cisco Webex Teams versions prior to 3.13.26920

Description The issue is related to improper input validation in the client application, allowing an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. An attacker could exploit this by sending a malicious file to a targeted user and persuading the user to manually open it, potentially overwriting sensitive application files and causing a denial of service (DoS) condition. This could result in the targeted user being unable to access the system in the future.

Recommendations For versions prior to 3.13.26920, update to version 3.13.26920 to resolve the issue. As a temporary workaround, consider restricting the ability to upload and open files within the application to minimize the risk of exploitation. Avoid opening suspicious files received through the application until the issue is resolved.