Executive Summary
Summary | |
---|---|
Title | Cisco WebEx Clients Remote Code Execution Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20180418-wbs | First vendor Publication | 2018-04-18 |
Vendor | Cisco | Last vendor Modification | 2018-04-18 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client. Exploitation of this vulnerability could allow arbitrary code execution on the system of a targeted user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJa1274XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfcz35YP/iRm5g+2bcmdETlc15BQGSTuWVCI x2MHrb9imVI59X5Kj20TdICCnWSDMy/sWgQ4YNgl1cQMMm7+qN2kP7EizCWUkvFF cNep47p8zs5K6MWlraG3vxsoEs9D9VqBNce3Xq4dSynaSIY4KUzOxy4hmGhtUqg1 6Zk7eVyay/9AjbbflrfwZfFNdhauZUO2JFir3QDX5Uv3egi7pvojisyrSkDeSALL WmN1cEE1sKUBntRi3xqL9p1CLaLPLmjlk1XBygvWncOPS/JMRUAaz54k/MG9XIx7 mmU9EnFWczCY9mQxQzk0zHycoe7hgnwcEtoc8GHxElIQoYtNW7d90dgTPSkw3wE8 wKZCusl1G6KIYFMxTq6kr45s+zgWKlwY+LX6R2xB64m1uvcvdpHcAjgyOZ23CR+s JyT+YQfebR56t5nYMqfvM2pbHx+H5Dxnxl/sHUTNLc1bKq+SQcUovIpUnGr1cyPb V+S+z2MJQRHhzTjr4n6xE7AGARmqukPFBoueP9xnQuN8zUInlV8M9TMjU6FKBstf yMa193QimHrnRBX6xuznhlcd2UyPLIG+9spwel1tOh3jrZgxzVe5DOODlstD3yuT +UemvYCe3tTn9S5Vhekp8TPgwh59CvnbVYRGHN3E1+QW23Ho2CBnW+xO8RxQknvC oM2ODEeAwap+kBwR =Pf07 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 2 | |
Application | 2 | |
Application | 3 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Flash file external url request attempt RuleID : 46103 - Revision : 1 - Type : POLICY-OTHER |
2020-12-05 | Flash file external url request attempt RuleID : 46102 - Revision : 1 - Type : POLICY-OTHER |
Alert History
Date | Informations |
---|---|
2018-05-22 21:21:33 |
|
2018-04-20 00:21:17 |
|
2018-04-18 21:18:29 |
|