CVE-2018-0112 in Cisco WebEx Could Lead to Remote Attacks

Another critical vulnerability, identified as CVE-2018-0112, has been fixed in the Cisco WebEx videoconferencing software.

Customers download and use the WebEx client application to attend meetings on Cisco WebEx Centers. The bug could be leveraged by attackers to compromise conference call attendees’ systems by means of a booby-trapped Flash file shared in a particular meeting.

CVE-2018-0112 Technical Overview

The vulnerability is triggered by insufficient input validation by the Cisco WebEx clients and affects Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server.

More specifically, the bug in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system, as explained by the company in an advisory.

An attacker could exploit CVE-2018-0112 by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client. A successful exploit of the bug could allow arbitrary code execution on the system of a targeted user.

Fortunately, Cisco has already released patches that address the flaw. Please note that there are no workarounds that address this vulnerability.

Cisco also says that there is no evidence of the bug being exploited in the wild. The flaw was discovered and reported by Alexandros Zacharis, an officer in the European Union Agency for Network and Information Security (ENISA).

More information is available in Cisco’s advisory. Affected users should patch their software as soon as possible to avoid any compromise.

Cisco has been in the spotlight lately due to a number of security flaws discovered in its products. One of these bugs was found in Cisco IOS Software and Cisco IOS XE Software, and its exploitation could lead to remote code execution and a denial-of-service condition. An unauthenticated, remote attacker could execute arbitrary code to take full control over a compromised network as well as intercept its traffic. This flaw has been identified as CVE-2018-0171.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
