Security News Critical Cisco WebEx Bug Allows Remote Code Execution

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://threatpost.com/critical-cisco-webex-bug-allows-remote-code-execution/131657/
A critical vulnerability in the recording function of Cisco Systems’ WebEx conferencing platform has been uncovered, allowing for remote code execution. Attackers can use the flaw by convincing users to open a file purporting to be a recording of a past WebEx event.


The bug (CVE-2018-0264) exists in the platform’s Recording Player for Advanced Recording Format (ARF), which allows users to play back WebEx meeting recordings. The player is installed automatically when a user accesses a recording file hosted on a WebEx server. Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, the Cisco WebEx Meetings Server and the Cisco WebEx ARF Player itself are all affected.
Click to expand...

WebEx is widely deployed, and is used for audio and web conferencing along with broadcast applications like webinars and corporate C-suite speeches. Cisco said in an advisory that attackers can take advantage of this large attack surface via social engineering and spam campaigns, with the aim of convincing users to open a malicious ARF file.


Given how many businesses use WebEx, and how many workers attend WebEx meetings and events, it’s easily conceivable that an email using a lure along the lines of “Thanks for attending our webinar. Follow the link to access the event on-demand” could be spectacularly effective.

If clicked, the file opens the door to executing arbitrary code on the user’s system.

There are no workarounds that address the problem, but it’s possible to remove all WebEx software completely from a system by using a specialized tool created by Cisco. The IT giant has also made a patch available for the affected products.
Click to expand...
 
  • Like
Reactions: upnorth, harlan4096 and Deleted member 65228
D

Deleted member 65228

Yikes! :sick:

Anyway, it still requires user-intervention to open a file so at-least it isn't even less user-interaction dependent. On the bright side, Cisco have released patches.

Social engineering is a very important weakness to investigate though. You can never full-proof against it, but you can harden yourself to catch out social engineering attempts before any harm is done and distance yourself from being a target.
 
  • Like
Reactions: LASER_oneXM and harlan4096
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • Applause
Google introduces interoperability between Zoom and Google Meet for meetings
Replies
1
Views
394
News Archive
brambedkar59
brambedkar59
Gandalf_The_Grey
    • +Reputation
    • Like
ASUS routers vulnerable to critical remote code execution flaws (patched)
Replies
1
Views
1,168
News Archive
codswollip
codswollip
Bot
Security News Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool
Replies
0
Views
447
Security News
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top