Executive Summary
Summary | |
---|---|
Title | Cisco WebEx Meetings Server Remote Command Execution Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20160914-wem | First vendor Publication | 2016-09-14 |
Vendor | Cisco | Last vendor Modification | 2016-09-14 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to bypass security restrictions on a host located in a DMZ and inject arbitrary commands on a targeted system. The vulnerability is due to insufficient sanitization of user-supplied data processed by the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands into existing application scripts running on a targeted device located in a DMZ. Successful exploitation could allow an attacker to execute arbitrary commands on the device with elevated privileges. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wem BEGIN PGP SIGNATURE iQIVAwUBV9lf6q89gD3EAJB5AQIoJBAA5Y9/x54ie9exP/AwLfmAuy4YyrkNJHDA /WyCCTj9LcoLFvJQxnJAmTxKo+Mcdjr3kRIVgvqBA/uJUWgEg5qenDKwez2W7EZK QOtbL9C8bRug4yFo47rJuRbXgxtCuHS/v9Wmldyk2Q9DzA4+Mb4vR255p7qPYrYs ZHRJl8N7MBGDtWaz416sDwWWiN2Xm9Q+2h3mTPH7nJLWFlTKSKTMHjhProansYu6 wjqu12ie6PvyoFDmR9NUiiLX96fqO2vzigFDlAfZLmbRTlSbDSzYym8P9sEB4NT1 yv76VtE7s0MDSULPtg9zOtS4v/9Km+sSfA1AtimEwFQEdwGB32lYt/tmSGVT16d6 7zj9Sa+v5FQEWPaQDQ5C0CdMEnL/BkdRmp5L3Uk7R12qsA9kYRAvlWARAeOBhM/W Fg9yOsSqTdJyAsExqZnLmdk005/S0XgxckxM1Lo+z05w4xMyhKfVZsWGKwPci32c ENN/FnqFdMs5pHTeRGtotEzwEx8i6IGHdEsi+3Jk0ez8LdIbgHKXPbjF8imV5A+f TciTSXx61TNx9XzOb0TTuv6ECbcWkPW/BAG9HndceoeOHEmjsCeX8KCXfwr8Ua0B 4zX4mH2MmNwTTrji+eYas2nppRZszu2MzhzFgXLuo0Z9ksBNtZa9TMnZ3zJV5z2t KECiQzGzfgw= =dXSP END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-09-17 | Cisco WebEx Meetings Server config_dmz remote code execution attempt RuleID : 40240 - Revision : 1 - Type : SERVER-WEBAPP |
Alert History
Date | Informations |
---|---|
2016-09-19 21:21:08 |
|
2016-09-18 05:22:32 |
|
2016-09-14 21:23:26 |
|