[technology taskforce] Cisco security vulnerability in WebEx

Dev Anand Teelucksingh devtee at gmail.com
Thu Apr 19 16:42:19 UTC 2018


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs

A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx
Meetings, and Cisco WebEx Meetings Server could allow an authenticated,
remote attacker to execute arbitrary code on a targeted system.

The vulnerability is due to insufficient input validation by the Cisco
WebEx clients. An attacker could exploit this vulnerability by providing
meeting attendees with a malicious Flash (.swf) file via the file-sharing
capabilities of the client. Exploitation of this vulnerability could allow
arbitrary code execution on the system of a targeted user.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability

This vulnerability disclosed in this advisory affects the clients installed
by customers when accessing a WebEx meeting.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ttf/attachments/20180419/28731ba7/attachment-0001.html>


More information about the ttf mailing list