Cisco Releases Security Advisory for Webex App


Cisco has released a security advisory to address a high severity vulnerability affecting Webex App, regardless of configuration or operating system.

Cisco Webex is a web conferencing software solution. CVE-2025-20236 is an ‘insufficient input validation’ vulnerability with a CVSSv3 score of 8.8. If exploited, a remote, unauthenticated attacker could achieve remote code execution (RCE) by persuading the end user to click on a malicious meeting link. Affected organisations are encouraged to review Cisco Security Advisory cisco-sa-webex-app-client-rce-ufyMMYLC and apply the relevant updates as soon as practicable.

Read more…
Source: NHS Digital


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Intel Chip Vulnerability Worse than Thought, Lets Hackers Hijack Fleets of PCs

    May 8, 2017

    That vulnerability that Intel discovered and disclosed last week after going undetected for almost a decade is much worse than originally thought as it allows hackers to remotely gain full control over affected PCs running Windows, without even needing a password.  As announced by Intel, the bug affects Intel’s Active Management Technology (AMT) which allows IT ...

  • PCs with Intel Server Chipsets, Launched Since 2010, Can be Hacked Remotely

    May 1, 2017

    Updated: Since the below-reported vulnerability is highly critical and it would take a few weeks for sysadmins to protect their enterprise network, the research team has not yet disclosed the technical details of the vulnerability. Meanwhile, I have talked with Maksim Malyutin, a member of Embedi research team who discovered the vulnerability in March, and updated ...

  • Systems-on-a-chip are a huge, unaudited attack surface, says Project Zero’s Wi‑Fi attack man

    April 12, 2017

    The internal inter-chip communications of devices like smartphones are a “huge, mostly unaudited attack surface,” according to Gal Beniamini of Google’s Project Zero, in his promised follow-up to last week’s demonstration of how to attack Wi‑Fi chips over the air. His April 4 “part one” prompted emergency patches from Apple and Google, new drivers from Broadcom ...

  • Adobe Patches 59 Vulnerabilities Across Flash, Reader, Photoshop

    April 11, 2017

    Adobe patched 59 vulnerabilities in five different products, including Flash Player, Acrobat/Reader, Photoshop, Adobe Campaign, and its Adobe Creative Cloud App as part of its regularly scheduled software update today. The company warned in a series of security bulletins posted shortly before noon Tuesday that the bulk of the bugs, 44, are critical and could lead to code ...

  • Dridex Campaigns Hitting Millions of Recipients Using Unpatched Microsoft Zero-Day

    April 10, 2017

    This weekend saw multiple reports of a new zero-day vulnerability that affected all versions of Microsoft Word. Today, Proofpoint researchers observed the document exploit being used in a large email campaign distributing the Dridex banking Trojan. This campaign was sent to millions of recipients across numerous organizations primarily in Australia. This represents a significant level of ...

  • Apple Fixes 223 Vulnerabilities Across macOS, iOS, Safari

    March 28, 2017

    Apple fixed hundreds of bugs, 223 to be exact, across a slate of products including macOS Sierra, iOS, Safari, watchOS, and tvOS on Monday. More than a quarter of the bugs, 40 in macOS Sierra, and 30 in iOS, could lead to arbitrary code execution – in some instances with root privileges, Apple warned. The lion’s share of ...