[c-nsp] Cisco Security Advisory: Cisco WebEx Meetings Server Remote Command Execution Vulnerability

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Sep 14 12:05:01 EDT 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco WebEx Meetings Server Remote Command Execution Vulnerability

Advisory ID: cisco-sa-20160914-wem

Revision 1.0

For Public Release 2016 September 14 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to bypass security restrictions on a host located in a DMZ and inject arbitrary commands on a targeted system.

The vulnerability is due to insufficient sanitization of user-supplied data processed by the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands into existing application scripts running on a targeted device located in a DMZ. Successful exploitation could allow an attacker to execute arbitrary commands on the device with elevated privileges.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wem

-----BEGIN PGP SIGNATURE-----

iQIVAwUBV9lf6q89gD3EAJB5AQIoJBAA5Y9/x54ie9exP/AwLfmAuy4YyrkNJHDA
/WyCCTj9LcoLFvJQxnJAmTxKo+Mcdjr3kRIVgvqBA/uJUWgEg5qenDKwez2W7EZK
QOtbL9C8bRug4yFo47rJuRbXgxtCuHS/v9Wmldyk2Q9DzA4+Mb4vR255p7qPYrYs
ZHRJl8N7MBGDtWaz416sDwWWiN2Xm9Q+2h3mTPH7nJLWFlTKSKTMHjhProansYu6
wjqu12ie6PvyoFDmR9NUiiLX96fqO2vzigFDlAfZLmbRTlSbDSzYym8P9sEB4NT1
yv76VtE7s0MDSULPtg9zOtS4v/9Km+sSfA1AtimEwFQEdwGB32lYt/tmSGVT16d6
7zj9Sa+v5FQEWPaQDQ5C0CdMEnL/BkdRmp5L3Uk7R12qsA9kYRAvlWARAeOBhM/W
Fg9yOsSqTdJyAsExqZnLmdk005/S0XgxckxM1Lo+z05w4xMyhKfVZsWGKwPci32c
ENN/FnqFdMs5pHTeRGtotEzwEx8i6IGHdEsi+3Jk0ez8LdIbgHKXPbjF8imV5A+f
TciTSXx61TNx9XzOb0TTuv6ECbcWkPW/BAG9HndceoeOHEmjsCeX8KCXfwr8Ua0B
4zX4mH2MmNwTTrji+eYas2nppRZszu2MzhzFgXLuo0Z9ksBNtZa9TMnZ3zJV5z2t
KECiQzGzfgw=
=dXSP
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list