PT-2021-6881 · Cisco · Cisco Webex Meetings

Jeremy Heng · Published 2021-11-02 · Updated 2022-04-14 · CVE-2022-20763

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Webex Meetings (affected versions not specified)

Description

The issue is related to a vulnerability in the login authorization components of Cisco Webex Meetings, which could allow an authenticated, remote attacker to inject arbitrary Java code. This is due to improper deserialization of Java code within login requests. An attacker could exploit this by sending malicious login requests to the Cisco Webex Meetings service, potentially allowing them to inject arbitrary Java code and take arbitrary actions within the application.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

BDU:2022-02431
CVE-2022-20763

Affected Products

Cisco Webex Meetings