On May 2, 2018 Cisco reported on three vulnerabilities with CVSS scores of critical. The three vulnerabilities allow for remote code execution on affected systems. CVE-2018-0264 1 impacts Cisco WebEx, CVE-2018-0258 2 affects Cisco Prime File Upload and CVE-2018-0253 3 affect Cisco Secure Access Control Systems; for a full list of affected products see the Additional Information section below. At the time of writing, exploitation of these vulnerabilities has not been observed in the wild. 

What we’re doing about it

  • The Threat Intelligence team is monitoring these vulnerabilities for additional information and exploitation in the wild

What you should do about it

  • Ensure that employees are aware of ongoing threats
  • Verify if affected products are deployed across networks
  • After performing a business impact review, apply all relevant Cisco security patches

Additional information

CVE Details:

CVE-2018-0264

  • Requires an end user to open a malicious link
  • Results in unauthenticated arbitrary code execution

CVE-2018-0253

  • Exploited by sending a specially crafted AMF message to the end user which executes upon delivery
  • Allowing for remote code execution.

CVE-2018-0258

  • May allow an attacker to upload arbitrary files to any directory of a device running the vulnerable software version
  • Allows execution of uploaded files

It should be noted that these vulnerabilities are not related the Cisco WebEx vulnerability   CVE-2018-0112, released on April 18 4.

Affected Products:

CVE-2018-0264

  • Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4
  • Cisco WebEx Business Suite (WBS32) client builds prior to T32.12
  • Cisco WebEx Meetings with client builds prior to T32.12
  • Cisco WebEx Meeting Server builds prior to 3.0 Patch 1

CVE-2018-0258

  • Cisco Prime Data Center Network Manager (DCNM) - Version 10.0 and later
  • Cisco Prime Infrastructure (PI) - All versions

CVE-2018-0253

  • Cisco Secure ACS prior to Release 5.8 Patch 7

[1]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-war

[2]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload

[3]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-acs1

[4]https://www.esentire.com/news-and-events/security-advisories/webex-remote-code-execution-vulnerability/

eSentire Media Contacts

Rebecca Freiburger | eSentire | [email protected]

Angela Tuzzo | MRB Public Relations | [email protected] | +1 732.758.1100 x105 | @MRB_PR

Ready to start the conversation about cybersecurity?

Let's Talk