Security advisories

WebEx Remote Code Execution Vulnerability

February 26, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

A remote code execution vulnerability, designated CVE-2018-01121, has been discovered in three Cisco WebEx products. If security patches are not applied, a remote attacker may be able to execute malicious code on the machines of all individuals attending a WebEx meeting. The affected WebEx products fail to fully validate shared files, allowing the attacker to send and execute a malicious Adobe Flash (.swf) file. The eSentire Threat Intelligence team is not currently aware of any cases of CVE-2018-0112 being exploited in the wild.

What we’re doing about it

What you should do about it

Additional information

For this attack to be successfully executed, an attacker would require access to an ongoing Cisco WebEx Meeting. The attacker could then send a malicious flash file to all meeting attendees’ machines via the meeting file transfer tool. The file can then be executed on attendees’ machines. There is no known solution to this issue outside of applying the latest Cisco patches.

For additional information on this vulnerability and the patching process, please see the Cisco WebEx release 2.

Affected products:

[1] https://nvd.nist.gov/vuln/detail/CVE-2018-0112

[2] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs

View Most Recent Advisories