Allele Security Alert
ASA-2018-00001
Identifier(s)
ASA-2018-00001, CVE-2018-15442, CISCO-SA-20181024
Title
Remote code execution
Vendor(s)
Cisco
Product(s)
Cisco Webex Meetings Desktop App
Cisco Webex Productivity Tools Releases
Affected version(s)
Cisco Webex Meetings Desktop App releases prior to 33.5.6
Cisco Webex Productivity Tools Releases 32.6.0 and later prior to 33.0.5
Fixed version(s)
Cisco Webex Meetings Desktop App 33.5.6
Cisco Webex Productivity Tools Releases 33.0.5
Description
Vulnerability that allows remote code execution as privileged user affects certain versions of Cisco Webex.
Technical details
Unknown
Credits
Ron Bowes and Jeff McJunkin
Reference(s)
WebExec FAQ
https://webexec.org/
Technical Rundown of WebExec
https://blog.skullsecurity.org/2018/technical-rundown-of-webexec
Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection
CVE-2018-15442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15442
CVE-2018-15442
https://nvd.nist.gov/vuln/detail/CVE-2018-15442
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: February 28, 2019