ASA-2018-00001 – Webex: Remote code execution


Allele Security Alert

ASA-2018-00001

Identifier(s)

ASA-2018-00001, CVE-2018-15442, CISCO-SA-20181024

Title

Remote code execution

Vendor(s)

Cisco

Product(s)

Cisco Webex Meetings Desktop App
Cisco Webex Productivity Tools Releases

Affected version(s)

Cisco Webex Meetings Desktop App releases prior to 33.5.6
Cisco Webex Productivity Tools Releases 32.6.0 and later prior to 33.0.5

Fixed version(s)

Cisco Webex Meetings Desktop App 33.5.6
Cisco Webex Productivity Tools Releases 33.0.5

Description

Vulnerability that allows remote code execution as privileged user affects certain versions of Cisco Webex.

Technical details

Unknown

Credits

Ron Bowes and Jeff McJunkin

Reference(s)

WebExec FAQ
https://webexec.org/

Technical Rundown of WebExec
https://blog.skullsecurity.org/2018/technical-rundown-of-webexec

Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection

CVE-2018-15442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15442

CVE-2018-15442
https://nvd.nist.gov/vuln/detail/CVE-2018-15442

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: February 28, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.