
Security advisories | Feb 27, 2019

Multiple Vulnerabilities in Cisco Products

On May 2, 2018, Cisco reported three vulnerabilities with critical CVSS scores. All three allow remote code execution on affected systems. CVE-2018-0264 [1] impacts Cisco WebEx, CVE-2018-0258 [2] affects Cisco Prime File Upload and CVE-2018-0253 [3] affects Cisco Secure Access Control Systems; for a full list of affected products see the Additional Information section below. At the time of writing, exploitation of these vulnerabilities has not been observed in the wild.

What we’re doing about it

  • The Threat Intelligence team is monitoring these vulnerabilities for additional information and exploitation in the wild

What you should do about it

  • Ensure that employees are aware of ongoing threats
  • Verify if affected products are deployed across networks
  • After performing a business impact review, apply all relevant Cisco security patches

Additional information

CVE Details:


  • Requires an end user to open a malicious link
  • Results in unauthenticated arbitrary code execution


  • Exploited by sending a specially crafted AMF message to the end user which executes upon delivery
  • Allows for remote code execution


  • May allow an attacker to upload arbitrary files to any directory of a device running the vulnerable software version
  • Allows execution of uploaded files

It should be noted that these vulnerabilities are not related to the Cisco WebEx vulnerability CVE-2018-0112, released on April 18 [4].

Affected Products:


  • Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4
  • Cisco WebEx Business Suite (WBS32) client builds prior to T32.12
  • Cisco WebEx Meetings with client builds prior to T32.12
  • Cisco WebEx Meeting Server builds prior to 3.0 Patch 1


  • Cisco Prime Data Center Network Manager (DCNM) - Version 10.0 and later
  • Cisco Prime Infrastructure (PI) - All versions


  • Cisco Secure ACS prior to Release 5.8 Patch 7
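
To make the "verify if affected products are deployed" step concrete, the following added example (not eSentire or Cisco tooling) checks an inventory against the version thresholds in the list above. The inventory rows, host names and the `parse_version`, `status` and `triage` helpers are constructed for illustration, and version strings are assumed to follow the formats used in the list.

```python
import re

# Thresholds transcribed from the "Affected Products" list of this advisory.
RULES = {
    "Cisco WebEx Business Suite (WBS31)": ("lt", "T31.23.4"),
    "Cisco WebEx Business Suite (WBS32)": ("lt", "T32.12"),
    "Cisco WebEx Meetings": ("lt", "T32.12"),
    "Cisco WebEx Meeting Server": ("lt", "3.0 Patch 1"),
    "Cisco Prime Data Center Network Manager": ("ge", "10.0"),
    "Cisco Prime Infrastructure": ("all", None),
    "Cisco Secure ACS": ("lt", "5.8 Patch 7"),
}

def parse_version(text):
    """'T31.23.4' -> ((31, 23, 4), 0); '5.8 Patch 7' -> ((5, 8), 7)."""
    m = re.fullmatch(r"\s*T?(\d+(?:\.\d+)*)(?:\s+Patch\s+(\d+))?\s*", text, re.I)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    while len(nums) > 1 and nums[-1] == 0:  # treat 3.0.0 the same as 3.0
        nums.pop()
    return tuple(nums), int(m.group(2) or 0)

def status(product, version):
    """Return 'affected', 'not affected', 'review' or 'not listed'."""
    relation, threshold = RULES.get(product, (None, None))
    if relation is None:
        return "not listed"
    if relation == "all":
        return "affected"
    try:
        have, limit = parse_version(version), parse_version(threshold)
    except ValueError:
        return "review"  # unknown version format: check by hand, do not assume safe
    hit = have < limit if relation == "lt" else have >= limit
    return "affected" if hit else "not affected"

# Constructed inventory rows (host, product, installed version); not real data.
INVENTORY = [
    ("ws-0412", "Cisco WebEx Business Suite (WBS31)", "T31.20.2"),
    ("ws-0977", "Cisco WebEx Business Suite (WBS32)", "T32.12.0"),
    ("acs-01", "Cisco Secure ACS", "5.8 Patch 6"),
    ("dcnm-01", "Cisco Prime Data Center Network Manager", "7.2"),
    ("pi-01", "Cisco Prime Infrastructure", "unknown"),
    ("wms-01", "Cisco WebEx Meeting Server", "2.8MR3"),
]

def triage(inventory):
    return {host: status(product, version) for host, product, version in inventory}
```

Calling `triage(INVENTORY)` returns one status per host; anything marked `review` has a version string the parser does not recognise and needs a manual check rather than being treated as unaffected.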


[1] Cisco WebEx Advanced Recording Format Remote Code Execution Vulnerability

[2] Cisco Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability

[3] Cisco Secure Access Control System Remote Code Execution Vulnerability

[4] Security Advisory: WebEx Remote Code Execution Vulnerability, designated CVE-2018-0112