Cisco has patched a high-severity vulnerability in its Webex Meetings desktop app and client that could enable an attacker to launch a remote code execution (RCE) attack. The flaw is due to an improper input validation that is provided to application URLs. An attacker could exploit the flaw to execute programs that are already present on the end-user system.
- In April, Webex users were targeted by phishing attacks posing as critical security advisories from Cisco.
- Cisco also recently patched a medium-severity bug in its Unified Customer Voice Portal and the high-severity BootHole bug.
- Last month, Eclypsium researchers discovered the BootHole bug, which affects the GRUB2 bootloader used by most Linux and Windows devices employing the UEFI Secure Boot.