CVE-2022-20863

2022-09-0813:15:08

CWE-450

cisco

web.nvd.nist.gov

1262

cisco

webex

webex app

vulnerability

messaging interface

remote attacker

manipulation

nvd

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

45.4%

JSON

A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character rendering. An attacker could exploit this vulnerability by sending messages within the application interface. A successful exploit could allow the attacker to modify the display of links or other content within the interface, potentially allowing the attacker to conduct phishing or spoofing attacks.

Affected configurations

Nvd

Node

ciscowebex_teamsRange<42.7

VendorProductVersionCPE
ciscowebex_teams*cpe:2.3:a:cisco:webex_teams:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	webex_teams	*	cpe:2.3:a:cisco:webex_teams::::::::

CNA Affected

[
  {
    "product": "Cisco Webex Meetings Desktop App",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]