CVE-2023-20134 in Webex Meetings
Summary
by MITRE • 04/05/2023
Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory.
Analysis
by VulDB Data Team • 08/25/2025
CVE-2023-20134 covers weaknesses in the web interface of Cisco Webex Meetings that are reachable by an authenticated, remote attacker. It affects the web-based user and management pages of Webex Meetings, where a user holding a valid session can abuse insufficient input validation to inject content that runs in other users' browsers or to place files the application was not meant to accept. Authentication is a prerequisite, not the weak point: the advisory describes flaws in input validation and handling within the web interface, so the practical attacker is anyone with a working account, whether a malicious insider or an outsider who has obtained someone's credentials.
Technically, the weakness is inadequate sanitization and validation of user-supplied input in the web application's recording and content management features. When an authenticated user submits data through the web interface, the application stores it and later renders it into pages without properly filtering or encoding it. That is stored cross-site scripting (CWE-79): the attacker's script is persisted server-side and executes in the browser of every user who views the affected page, which distinguishes it from reflected XSS, where each victim must be lured into opening a crafted link. The persistence is what makes it dangerous: the payload fires automatically and repeatedly, against users of every privilege level who open the page, including administrators.
The second weakness lets an authenticated attacker upload arbitrary files and have the application treat them as recordings. The advisory does not say how the server subsequently handles those files, so defenders should assume the general consequences of an unrestricted upload: a file that the application stores and later serves can be an executable, a document carrying macros, or an HTML page rendered in the Webex origin, and the "recording" label lends it credibility when other participants download it. Combined with the stored XSS, this gives an attacker with one ordinary account a way to run script in colleagues' sessions (session and token theft, actions performed as the victim) and a trusted channel for distributing malicious content. Organizations using Webex Meetings for business communications should therefore treat the exposure as credential theft and data exfiltration through other users' sessions, plus delivery of malicious files under a trusted name, rather than as a direct compromise of the service itself, which the advisory does not claim.
Mitigation for CVE-2023-20134 starts with applying Cisco's fix, following the Cisco security advisory for the affected releases; because Webex Meetings is primarily cloud-delivered, confirm from the advisory which fixed releases and which client or on-premises components, if any, apply to your deployment. Monitoring can flag anomalous upload activity (unexpected file types or sizes submitted as recordings, bursts of uploads from a single account) and unusual script behaviour in users' sessions. Applications of this kind should validate input, encode output for the context it is rendered into, and set a Content Security Policy that blocks inline script; security assessments should specifically test file upload paths (extension, declared content type and file signature checks) as well as input sanitization. Keep access controls strict and apply least privilege to Webex administrative roles: exploitation requires authentication, which means the realistic attacker is one who has already obtained valid credentials through phishing, reuse of leaked passwords or a compromised endpoint. The ATT&CK mapping on this page lists T1566 (Phishing, an Initial Access technique) and T1059 (Command and Scripting Interpreter, an Execution technique), which describes the multi-stage chain defenders must cover: credentials obtained first, then attacker script executed in victims' browsers.