Executive Summary

Summary
Title Cisco WebEx Clients Remote Code Execution Vulnerability
Informations
Name cisco-sa-20180418-wbs First vendor Publication 2018-04-18
Vendor Cisco Last vendor Modification 2018-04-18
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Cvss Base Score 6 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client. Exploitation of this vulnerability could allow arbitrary code execution on the system of a targeted user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs"]

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJa1274XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfcz35YP/iRm5g+2bcmdETlc15BQGSTuWVCI x2MHrb9imVI59X5Kj20TdICCnWSDMy/sWgQ4YNgl1cQMMm7+qN2kP7EizCWUkvFF cNep47p8zs5K6MWlraG3vxsoEs9D9VqBNce3Xq4dSynaSIY4KUzOxy4hmGhtUqg1 6Zk7eVyay/9AjbbflrfwZfFNdhauZUO2JFir3QDX5Uv3egi7pvojisyrSkDeSALL WmN1cEE1sKUBntRi3xqL9p1CLaLPLmjlk1XBygvWncOPS/JMRUAaz54k/MG9XIx7 mmU9EnFWczCY9mQxQzk0zHycoe7hgnwcEtoc8GHxElIQoYtNW7d90dgTPSkw3wE8 wKZCusl1G6KIYFMxTq6kr45s+zgWKlwY+LX6R2xB64m1uvcvdpHcAjgyOZ23CR+s JyT+YQfebR56t5nYMqfvM2pbHx+H5Dxnxl/sHUTNLc1bKq+SQcUovIpUnGr1cyPb V+S+z2MJQRHhzTjr4n6xE7AGARmqukPFBoueP9xnQuN8zUInlV8M9TMjU6FKBstf yMa193QimHrnRBX6xuznhlcd2UyPLIG+9spwel1tOh3jrZgxzVe5DOODlstD3yuT +UemvYCe3tTn9S5Vhekp8TPgwh59CvnbVYRGHN3E1+QW23Ho2CBnW+xO8RxQknvC oM2ODEeAwap+kBwR =Pf07 END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 2
Application 2
Application 3

Snort® IPS/IDS

Date Description
2020-12-05 Flash file external url request attempt
RuleID : 46103 - Revision : 1 - Type : POLICY-OTHER
2020-12-05 Flash file external url request attempt
RuleID : 46102 - Revision : 1 - Type : POLICY-OTHER

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2018-05-22 21:21:33
  • Multiple Updates
2018-04-20 00:21:17
  • Multiple Updates
2018-04-18 21:18:29
  • First insertion