A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote malicious user to execute arbitrary code on a targeted system. The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client. Exploitation of this vulnerability could allow arbitrary code execution on the system of a targeted user. This affects the clients installed by customers when accessing a WebEx meeting. The following client builds of Cisco WebEx Business Suite (WBS30, WBS31, and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are impacted: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.2, Cisco WebEx Business Suite (WBS32) client builds prior to T32.10, Cisco WebEx Meetings with client builds prior to T32.10, Cisco WebEx Meetings Server builds before 2.8 MR2. Cisco Bug IDs: CSCvg19384, CSCvi10746.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco webex meetings server 2.7 |
||
cisco webex meetings server 2.8 |
||
cisco webex meetings server 3.0 |
||
cisco webex meetings t31 |
||
cisco webex business suite 31 |
||
cisco webex business suite 32 |
Cisco's Prime and Secure Access Control also have critical-rated bugs to squash
It's time for Cisco's Midweek Misery, netadmins, with four critical vulns to patch and a slew of others to look over if you have time. WebEx has two nasties, CVE-2018-0112 and CVE-2018-0264. CVE-2018-0112 is a remote code execution (RCE) vulnerability in two clients (the WebEx Business Suite client and WebEx Meetings), and the WebEx Meetings Server. It's an input validation slip-up that means an attacker can share a malicious Flash file (extension .swf) within WebEx and execute code on a victim'...
Cisco issues critical patch to stop in-meeting attacks
Cisco has patched a serious vulnerability in its WebEx software that lets an attacker remotely execute code on target machines via poisoned Adobe Flash files. Switchzilla is today advising all users running WebEx Business Suite or WebEx Meetings (both client and server) to update their software in order to patch CVE-2018-0112. The vulnerability, discovered and reported to Cisco by researcher Alexandros Zacharis of ENISA (the EU's network and information security body), stems from the failure by ...