WebEx Remote Code Execution Vulnerability

A remote code execution vulnerability, designated CVE-2018-0112¹, has been discovered in three Cisco WebEx products. If security patches are not applied, a remote attacker may be able to execute malicious code on the machines of all individuals attending a WebEx meeting. The affected WebEx products fail to fully validate shared files, allowing the attacker to send and execute a malicious Adobe Flash (.swf) file. The eSentire Threat Intelligence team is not currently aware of any cases of CVE-2018-0112 being exploited in the wild.

What we’re doing about it

• The Threat Intelligence team is monitoring this topic for new information

What you should do about it

• Verify if affected products are employed across networks
• After performing a business impact review, apply all relevant Cisco security patches

Additional information

For this attack to be successfully executed, an attacker would require access to an ongoing Cisco WebEx Meeting. The attacker could then send a malicious flash file to all meeting attendees’ machines via the meeting file transfer tool. The file can then be executed on attendees’ machines. There is no known solution to this issue outside of applying the latest Cisco patches.

For additional information on this vulnerability and the patching process, please see the Cisco WebEx release ².

Affected products:

• Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.2
• Cisco WebEx Business Suite (WBS32) client builds prior to T32.10
• Cisco WebEx Meetings with client builds prior to T32.10
• Cisco WebEx Meetings Server builds prior to 2.8 MR2

[1] https://nvd.nist.gov/vuln/detail/CVE-2018-0112

[2] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs