CVE-2018-0112 — Improper Input Validation in Cisco Webex Business Suite 31

CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.0CRITICALNVD

EPSS

1.3%

top 20.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Business Suite 31 Cisco Webex Business Suite 32 Cisco Webex Meetings +1 more

Timeline

PublishedApr 19

Latest updateMay 13

Description

A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client. Exploitation of this vulnerability could allow arbi…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages4 packages

▶NVDcisco/webex_meetings_server2.7, 2.8, 3.0+2

▶NVDcisco/webex_business_suite_31< t31.23.2

▶NVDcisco/webex_business_suite_32< t32.10

▶NVDcisco/webex_meetingst31

🔴Vulnerability Details

GHSA

GHSA-rc89-r9w6-g3gv: A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote atta↗2022-05-13

▶

CVEList

CVE-2018-0112: A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote atta↗2018-04-19

▶

📋Vendor Advisories

Cisco

Cisco WebEx Clients Remote Code Execution Vulnerability↗2018-04-18

▶