- Cisco has found and fixed three vulnerabilities, including one of high severity
- The high-severity flaw was found in the Cisco Webex application
- It allowed criminals to execute commands remotely
Cisco has fixed a high-severity vulnerability in its Webex video conferencing platform that allowed threat actors to mount remote code execution (RCE) attacks against exposed endpoints.
The bug was discovered in the custom URL parser of the Cisco Webex application and is described as an “insufficient input validation” vulnerability.
“An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files,” said the bug’s NVD page. “A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user.”
No workaround
The vulnerability is tracked as CVE-2024-20236 and received a severity score of 8.8/10 (high).
Cisco also explained that the vulnerability is present in all older versions of the product, regardless of the operating system it runs on or the system configuration.
The networking giant also said that there is no workaround for the bug, so installing the update is the only way to mitigate the risk.
Although it is the most serious, it is not the only vulnerability that Cisco recently addressed. The company has also fixed two other flaws, CVE-2025-20178 (6.0/10) and CVE-2025-20150 (5.3/10).
The first is a privilege escalation flaw in the web management interface of Secure Network Analytics, and allows threat actors to run arbitrary commands as root, with admin credentials.
The latter was found in Nexus Dashboard and allows threat actors to enumerate LDAP user accounts remotely, distinguishing valid accounts from invalid ones.
The good news is that the vulnerabilities are not yet being exploited in the wild, BleepingComputer reports, citing the analysis of the company’s Product Security Incident Response Team (PSIRT).
Cisco equipment, both software and hardware, is popular in both enterprises and households. This makes it a prime target for threat actors, both state-sponsored and profit-driven.
Via BleepingComputer