Cisco Webex App Open Redirect Vulnerability
Cisco's June 17 advisory covers an open redirect flaw in the browser-based version of the Webex App that could have let an unauthenticated remote attacker send users to a malicious webpage via a crafted URL.
At a glance
- Cisco disclosed an open redirect vulnerability in the browser-based Webex App caused by improper validation of URL parameters.
- Cisco has addressed the flaw and states no customer action is needed.
VERDICT — CONFIRMED
Cisco disclosed on June 17 an open redirect vulnerability in the browser-based version of its Webex App, per a Cisco PSIRT security advisory.
The flaw could have allowed an unauthenticated remote attacker to send users to a malicious webpage via a crafted URL, per the advisory, which attributes the bug to improper input validation of URL parameters in an HTTP request.
Cisco says it has already addressed the vulnerability in the app and that no customer action is needed, per the advisory — an unusual posture for a PSIRT disclosure, reflecting a fix deployed on Cisco's side for the browser-based client. The advisory's CVE identifier, CVSS score and any evidence of exploitation were not included in the available summary; those details reside in the full PSIRT advisory on Cisco's security center.
Key facts on file
- Cisco disclosed an open redirect vulnerability in the browser-based Webex App caused by improper validation of URL parameters.
- Cisco has addressed the flaw and states no customer action is needed.