Executive Summary
Summary | |
---|---|
Title | Cisco WebEx Browser Extension Remote Code Execution Vulnerability |
Information | |||
---|---|---|---|
Name | cisco-sa-20170124-webex | First vendor Publication | 2017-01-24 |
Vendor | Cisco | Last vendor Modification | 2017-01-22 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
A vulnerability in the Cisco WebEx browser extensions provided by Cisco WebEx Meetings Server and Cisco WebEx Meetings Center could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to the use of a crafted pattern by the affected software. An attacker could exploit this vulnerability by directing a user to a web page that contains the crafted pattern and starting a WebEx session. The WebEx session could allow the attacker to execute arbitrary code on the affected system, which could be used to conduct further attacks. Cisco has begun to release software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
WebEx browser extension command execution | More info here |
Snort® IPS/IDS
Date | Description |
---|---|
2017-01-27 | Cisco Webex explicit use of web plugin detected RuleID : 41409-community - Revision : 7 - Type : POLICY-OTHER |
2017-02-25 | Cisco Webex explicit use of web plugin detected RuleID : 41409 - Revision : 6 - Type : POLICY-OTHER |
2017-02-25 | Cisco WebEx extension command execution attempt RuleID : 41408 - Revision : 3 - Type : BROWSER-OTHER |
2017-02-25 | Cisco WebEx extension command execution attempt RuleID : 41407 - Revision : 3 - Type : BROWSER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-01-31 | Name : A browser extension installed on the remote host is affected by a remote code... File : cisco_webex_extension_rce_firefox.nasl - Type : ACT_GATHER_INFO |
2017-01-31 | Name : A browser extension installed on the remote host is affected by a remote code... File : cisco_webex_extension_rce_ie.nasl - Type : ACT_GATHER_INFO |
2017-01-25 | Name : A browser extension installed on the remote host is affected by a remote code... File : cisco_webex_extension_rce.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2017-02-25 05:23:58 | |
2017-02-01 17:25:56 | |
2017-02-01 13:25:46 | |
2017-01-26 13:24:35 | |
2017-01-24 21:22:42 | |