Vulnslist

find the latest Cisco vulnerabilities

Cisco WebEx Clients Remote Code Execution Vulnerability

cisco-sa-20180418-wbs · Critical · Published · Updated

A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client. Exploitation of this vulnerability could allow arbitrary code execution on the system of a targeted user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability. However, it is possible to remove all WebEx software completely from a system by using the Meeting Services Removal Tool (for Microsoft Windows users) or Mac WebEx Meeting Application Uninstaller (for Apple Mac OS X users), both of which are available for download from the Cisco Collaboration Help for Cisco Spark, WebEx, and Jabber article at https://collaborationhelp.cisco.com/article/en-us/WBX000026396 ["https://collaborationhelp.cisco.com/article/en-us/WBX000026396"].

Removal of the WebEx software from a Linux or UNIX-based system can be accomplished by following the steps in the Cisco Collaboration Help for Cisco Spark, WebEx, and Jabber article at https://collaborationhelp.cisco.com/article/en-us/WBX28548 ["https://collaborationhelp.cisco.com/article/en-us/WBX28548"].

CVEsCVE-2018-0112
Cisco Bug IDsCSCvg19384, CSCvi10746
CVSS ScoreBase 9.0
Base 9.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco WebEx Event Center, Cisco WebEx Meeting Center, Cisco WebEx Support Center, Cisco WebEx Training Center, Cisco WebEx Meetings Server, Cisco Webex Meetings

Related Products

Product CVE Evidence
Cisco Webex Meetings CVE-2018-0112 Cisco OpenVuln
Cisco WebEx Training Center CVE-2018-0112 Cisco OpenVuln
Cisco WebEx Support Center CVE-2018-0112 Cisco OpenVuln
Cisco WebEx Meetings Server CVE-2018-0112 Cisco OpenVuln
Cisco WebEx Meeting Center CVE-2018-0112 Cisco OpenVuln
Cisco WebEx Event Center CVE-2018-0112 Cisco OpenVuln