
Cisco has patched a high-severity vulnerability in its Webex video conferencing platform which allowed threat actors to mount remote code execution (RCE) attacks against exposed endpoints.
The bug was present in the custom URL parser of a Cisco Webex app and is described as an “insufficient input validation” vulnerability.
“An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files,” the bug’s NVD page reads. “A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user.”
The vulnerability is tracked as CVE-2024-20236, and was assigned a severity score of 8.8/10 (high).
Cisco further explained that the vulnerability is present in all older versions of the product, regardless of the OS it’s running on, or system configurations.
The networking giant also said there were no workarounds for the bug, so installing the patch is the only way to mitigate the risk.
While the most severe, it’s not the only vulnerability Cisco recently addressed. The company also fixed two more flaws, CVE-2025-20178 (6.0/10), and CVE-2025-20150 (5.3/10).
The former is a privilege escalation flaw in Secure Network Analytics’ web-based management interface, and allows threat actors to run arbitrary commands as root, with admin credentials.
The latter was present in Nexus Dashboard, and allows threat actors to enumerate LDAP user accounts remotely, separating valid accounts from the invalid ones.
The good news is that the vulnerabilities are not yet being exploited in the wild, BleepingComputer reports, citing analysis from the company’s Product Security Incident Response Team (PSIRT).
Cisco’s gear, both software and hardware, is popular in both the enterprise and in consumer households. That makes it a prime target for threat actors, both state-sponsored and profit-oriented.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Checklist Communications.