CVE-2022-20763
Cisco Webex Meetings Java Deserialization Vulnerability
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
06 Apr 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by sending malicious login requests to the Cisco Webex Meetings service. A successful exploit could allow the attacker to inject arbitrary Java code and take arbitrary actions within the Cisco Webex Meetings application.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected products
Cisco · Cisco Webex MeetingsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →