Cisco Webex Meetings and Webex Meetings Server File Redirect Vulnerability

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Fixed Releases

Cisco has addressed this vulnerability in Cisco Webex Meetings, which is cloud based. No user action is required. Customers can determine the current remediation status or software version by using the Help function in the service GUI.

At the time of publication, Cisco Webex Meetings Server releases 3.0 MR4 and later and 4.0 MR4 and later contained the fix for this vulnerability.

See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Customers who need additional information are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-5296 : D-LINK D-VIEW 2.0.1.28 TOKENUTILS HARD-CODED KEY

CVE-2024-5296 : D-LINK D-VIEW 2.0.1.28 TOKENUTILS HARD-CODED KEY

Description D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on

CVE-2024-5201 : OPENTEXT DIMENSIONS RM UP TO 12.11.1.2/12.11.2.5 HTTP REQUEST PRIVILEGE ESCALATION

CVE-2024-5201 : OPENTEXT DIMENSIONS RM UP TO 12.11.1.2/12.11.2.5 HTTP REQUEST PRIVILEGE ESCALATION

Description Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another

CVE-2024-4267 : PARISNEO LOLLMS-WEBUI UP TO 9.5 OPEN_FILE COMMAND INJECTION

CVE-2024-4267 : PARISNEO LOLLMS-WEBUI UP TO 9.5 OPEN_FILE COMMAND INJECTION

Description A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the ‘open_file’ module, version 9.5. The vulnerability