First published: Wed Apr 06 2022
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by sending malicious login requests to the Cisco Webex Meetings service. A successful exploit could allow the attacker to inject arbitrary Java code and take arbitrary actions within the Cisco Webex Meetings application.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Meetings Online | =wbs42.2.1-1 | |
The vulnerability ID is CVE-2022-20763.
The severity of CVE-2022-20763 is high with a CVSS score of 8.8.
CVE-2022-20763 affects Cisco Webex Meetings by allowing an authenticated, remote attacker to inject arbitrary Java code through improper deserialization of Java code within login requests.
An attacker can exploit CVE-2022-20763 by sending malicious login requests containing arbitrary Java code.
Yes, Cisco has released a security advisory with fixes for CVE-2022-20763. Please refer to the Cisco Security Advisory for more information.