—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Cisco Webex App Open Redirect Vulnerability

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: MEDIUM

Systems Affected

Cisco Webex App

Overview

A vulnerability has been reported in browser-based version of Cisco Webex App could allow an unauthenticated, remote attacker to redirect users to a malicious webpage.

Target Audience: 

All IT administrators and individuals responsible for maintaining and updating in Software.

Risk Assessment:

High risk of data manipulation and service disruption.

Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.

Description

This vulnerability exists due to improper input validation of URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted URL.

Successful exploitation of this vulnerability could allow the attacker to redirect a user to a malicious website.

Solution

Apply appropriate updates as mentioned in Cisco Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-redirect-KOyxhffH

Vendor Information

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-redirect-KOyxhffH

References

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-redirect-KOyxhffH

CVE Name

CVE-2026-20220

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmo6mRkACgkQ3jCgcSdc

ys+ryA/+L5gv+d7Yy24Yf5j5sHXPKEGebMT9GfQtPOtLybxTlVl4iHm1BC1Sm8mZ

RdrWz77q1C2vAnvpJhgJ5WsYrjsL1PbnzTiyPhXrEZLK/v58vdYmeXx2Sj6lDD5g

WzA0tnqup3lyG/olvKDo0v8bWwT6TgBycU9qNcb+Kzd6hg/9pDktNxzLkPaaRB1k

SbqwoF4wFTHnqx1Dcwh0BsU+/6UmWk+sl/AEMyUz9WkOnUyHrIn1NqEFQktsMSq5

JXPbIUsMdrx+gvJlKKrXcu0Dmsvd18QXS/LZRu2EJiI4jNVQ2BGoFdbDrynVOTE3

MWF56Gw5cgG+eTzq9Xt42iF/kqtyeZPF/r8U04L6Qb4V/HeuUBmqwIgORIBjbl88

Gko99KT+MvYQdNp4bJdGHfyh+STrxCklpcbb+N/57rYFHsQ/0y8V82kQoR8OpWJY

19mY5vGaz02G093z8Lu/tZUPqDGl3l+UP56Mhs/phpFbrs7NrSdYvRbclyCauc/E

HMbO2HhgE6/8Gv2utp5j6GOrXn5XwXmEEaYJlptzxw6jcOhiu3nz/udNSWNGSuoF

s4ws0eaoeYleewaoI7rNu86yG7vpRZPw3iblhxDRYoBSZ+kxyVb8Z/fACkzNjVJF

tHuQ9qGcE8kGpHdUhMNFkxS2fWjG/HfeZQ70Y0lObf3ftBoc0BA=

=ARtY

—–END PGP SIGNATURE—–