On May 2, 2018 Cisco reported on three vulnerabilities with CVSS scores of critical. The three vulnerabilities allow for remote code execution on affected systems. CVE-2018-0264 1 impacts Cisco WebEx, CVE-2018-0258 2 affects Cisco Prime File Upload and CVE-2018-0253 3 affect Cisco Secure Access Control Systems; for a full list of affected products see the Additional Information section below. At the time of writing, exploitation of these vulnerabilities has not been observed in the wild.
What we’re doing about it
- The Threat Intelligence team is monitoring these vulnerabilities for additional information and exploitation in the wild
What you should do about it
- Ensure that employees are aware of ongoing threats
- Verify if affected products are deployed across networks
- After performing a business impact review, apply all relevant Cisco security patches
- Requires an end user to open a malicious link
- Results in unauthenticated arbitrary code execution
- Exploited by sending a specially crafted AMF message to the end user which executes upon delivery
- Allowing for remote code execution.
- May allow an attacker to upload arbitrary files to any directory of a device running the vulnerable software version
- Allows execution of uploaded files
It should be noted that these vulnerabilities are not related the Cisco WebEx vulnerability CVE-2018-0112, released on April 18 4.
- Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4
- Cisco WebEx Business Suite (WBS32) client builds prior to T32.12
- Cisco WebEx Meetings with client builds prior to T32.12
- Cisco WebEx Meeting Server builds prior to 3.0 Patch 1
- Cisco Prime Data Center Network Manager (DCNM) - Version 10.0 and later
- Cisco Prime Infrastructure (PI) - All versions
- Cisco Secure ACS prior to Release 5.8 Patch 7