Cisco Systems has fixed two high-severity vulnerabilities in its products, including one in its Webex video conferencing platform that could enable a remote attacker to execute commands. The Webex flaw exists in the web-based management interface of Cisco Webex Video Mesh. The vulnerability stems from insufficient CSRF protections for the web UI on an affected device Cisco said that it is not aware of any exploits against the flaw in the wild. The networking giant on Wednesday also released fixes for fixes for another glitch in its IOS and Cisco IOS XE software.
Source: https://threatpost.com/cisco-webex-bug-allows-remote-code-execution/151724/