[technology taskforce] Cisco security vulnerability in WebEx
DANIEL NANGHAKA
dndannang at gmail.com
Thu Apr 19 17:25:31 UTC 2018
Thanks Dev for this, what's the extent of damage compared to the security
flaw that was discovered in Adobe Connect and led to it being discontinued.
I think we should make a thorough comparison because apparently there is no
platform that is secure 100%.
On Thursday, April 19, 2018, Dev Anand Teelucksingh <devtee at gmail.com>
wrote:
> https://tools.cisco.com/security/center/content/
> CiscoSecurityAdvisory/cisco-sa-20180418-wbs
>
> A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx
> Meetings, and Cisco WebEx Meetings Server could allow an authenticated,
> remote attacker to execute arbitrary code on a targeted system.
>
> The vulnerability is due to insufficient input validation by the Cisco
> WebEx clients. An attacker could exploit this vulnerability by providing
> meeting attendees with a malicious Flash (.swf) file via the file-sharing
> capabilities of the client. Exploitation of this vulnerability could allow
> arbitrary code execution on the system of a targeted user.
>
> Cisco has released software updates that address this vulnerability. There
> are no workarounds that address this vulnerability
>
> This vulnerability disclosed in this advisory affects the clients
> installed by customers when accessing a WebEx meeting.
>
>
--
Regards
Nanghaka Daniel K.
Executive Director - ILICIT Africa / Chair - FOSSFA / Community Lead - ISOC
Uganda Chapter / Geo4Africa Lead / Organising Team - FOSS4G2018
Mobile +256 772 898298 (Uganda)
Skype: daniel.nanghaka
----------------------------------------- *"Working for Africa" *
-----------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ttf/attachments/20180419/a4df1177/attachment.html>
More information about the ttf
mailing list