—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco WebEx Clients Remote Code Execution Vulnerability
Advisory ID: cisco-sa-20180418-wbs
Revision: 1.0
For Public Release: 2018 April 18 16:00 GMT
Last Updated: 2018 April 18 16:00 GMT
CVE ID(s): CVE-2018-0112
CVSS Score v(3): 9.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
+———————————————————————
Summary
=======
A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client. Exploitation of this vulnerability could allow arbitrary code execution on the system of a targeted user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs”]
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJa1274XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfcz35YP/iRm5g+2bcmdETlc15BQGSTuWVCI
x2MHrb9imVI59X5Kj20TdICCnWSDMy/sWgQ4YNgl1cQMMm7+qN2kP7EizCWUkvFF
cNep47p8zs5K6MWlraG3vxsoEs9D9VqBNce3Xq4dSynaSIY4KUzOxy4hmGhtUqg1
6Zk7eVyay/9AjbbflrfwZfFNdhauZUO2JFir3QDX5Uv3egi7pvojisyrSkDeSALL
WmN1cEE1sKUBntRi3xqL9p1CLaLPLmjlk1XBygvWncOPS/JMRUAaz54k/MG9XIx7
mmU9EnFWczCY9mQxQzk0zHycoe7hgnwcEtoc8GHxElIQoYtNW7d90dgTPSkw3wE8
wKZCusl1G6KIYFMxTq6kr45s+zgWKlwY+LX6R2xB64m1uvcvdpHcAjgyOZ23CR+s
JyT+YQfebR56t5nYMqfvM2pbHx+H5Dxnxl/sHUTNLc1bKq+SQcUovIpUnGr1cyPb
V+S+z2MJQRHhzTjr4n6xE7AGARmqukPFBoueP9xnQuN8zUInlV8M9TMjU6FKBstf
yMa193QimHrnRBX6xuznhlcd2UyPLIG+9spwel1tOh3jrZgxzVe5DOODlstD3yuT
+UemvYCe3tTn9S5Vhekp8TPgwh59CvnbVYRGHN3E1+QW23Ho2CBnW+xO8RxQknvC
oM2ODEeAwap+kBwR
=Pf07
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com