Another critical vulnerability identified as CVE-2018-0112 has been fixed Cisco WebEx videoconferencing software solution.
Customers download and use the WebEx client application to attend meetings on Cisco WebEx Centers The bug could be leveraged by attackers to intercept conference call attendees’ systems by executing a booby-trapped Flash file in the particular meeting.
CVE-2018-0112 Technical Overview
The vulnerability is triggered by insufficient input validation by the Cisco WebEx clients and affects Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server.
More specifically, the bug in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system, as explained by the company in an advisory.
The vulnerability stems from insufficient input validation by the Cisco WebEx clients. An attacker could exploit CVE-2018-0112 by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client. In other words, a successful exploit of the bug could allow arbitrary code execution on the system of a targeted user.
Fortunately, Cisco has already released patches that address the flaw. Please note that there are no workarounds that address this vulnerability.
Also, Cisco says that there is no evidence of the bug being exploited in the wild. As for who discovered and reported it – Alexandros Zacharis, an officer in the European Union Agency for Network and Information Security (ENISA).
More information is available on Cisco’s advisory. Affected users should patch their software as soon as possible to avoid any compromise.
Cisco has been in the spotlight lately due to a bunch of security flaws discovered in its products. One of these bugs was found in Cisco IOS Software and Cisco IOS XE Software, and its exploit could lead to remote code execution and a denial-of-service condition. An unauthenticated, remote attacker could execute arbitrary code to take full control over a compromised network as well as intercept its traffic. This flaw has been identified as CVE-2018-0171.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: