Vulnerability Management

Cisco patches vulnerability in WebEx

Share

A Cisco security advisory is warning users of a vulnerability in the firm's WebEx Meetings and WebEx Meetings Server that could allow a remote attacker to execute arbitrary code on their system.

The vulnerability, CVE-2018-0112, is due to an insufficient input validation by the WebEx clients. To take advantage of this flaw an attacker would send meeting attendees a malicious Flash (.swf) file through the client's file-sharing protocol, the advisory reported. If properly exploited the attacker will be able to run arbitrary code on the system of the targeted user.

The versions impacted are:

  • Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.2
  • Cisco WebEx Business Suite (WBS32) client builds prior to T32.10
  • Cisco WebEx Meetings with client builds prior to T32.10
  • Cisco WebEx Meetings Server builds prior to 2.8 MR2

“Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability,” the company said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds