Cisco has fixed two high severity vulnerabilities in its Webex video conferencing software that could allow unprivileged attackers to execute programs and code on vulnerable systems. The two vulnerabilities, followed by CVE-2020-3263 and CVE-2020-3342, affect versions of the Cisco Webex Meetings desktop app earlier than version 39.5.12. and all Webex users should update their software to the latest version to avoid falling victim to potential attacks. In an advisory about the arbitrary program execution flaw affecting the Windows Webex client, Cisco provided more details about the vulnerability and explained what an attacker could do to a user's system after a successful exploit, by saying: "The vulnerability is due to incorrect validation of inputs provided to application URLs. The attacker could exploit the vulnerability by convincing a user to follow a malicious URL. A successful exploit could allow the attacker to cause the application to run other programs already present on the end user's system. If malicious files are placed on the system or in an accessible network file path, the attacker could execute arbitrary code on the affected system."