CVE-2022-20763 is a vulnerability in Cisco Webex Meetings Online
Published on April 6, 2022
Cisco Webex Meetings Java Deserialization Vulnerability
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by sending malicious login requests to the Cisco Webex Meetings service. A successful exploit could allow the attacker to inject arbitrary Java code and take arbitrary actions within the Cisco Webex Meetings application.
Vulnerability Analysis
CVE-2022-20763 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2022-20763 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2022-20763
Want to know whenever a new CVE is published for Cisco Webex Meetings Online? stack.watch will email you.
Affected Versions
Cisco Webex Meetings Version n/a is affected by CVE-2022-20763Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.