Cisco WebEx Meetings Server Input Validation Flaw Lets Remote Authenticated Users Execute Arbitrary Commands
SecurityTracker Alert ID: 1031692
SecurityTracker URL: http://securitytracker.com/id/1031692
Date: Feb 4 2015
Execution of arbitrary code via network, Root access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 1.0, 1.1, 1.5
A vulnerability was reported in Cisco WebEx Meetings Server. A remote authenticated user can execute arbitrary commands on the target system.
A remote authenticated user can send specially crafted data to the administrative web interface to execute arbitrary commands on the target system. The commands will run with root privileges.
The vendor has assigned bug ID CSCuj40460 to this vulnerability.
Versions 2.0 and 2.5 are not affected.
A remote authenticated user can execute arbitrary commands on the target system with root privileges.
The vendor has issued a fix.
The vendor's advisory is available at:
Vendor URL: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx
Input validation error
Source Message Contents
Subject: Cisco Security Advisory: Cisco Security Advisory Cisco WebEx Meetings Server Command Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Cisco Security Advisory Cisco WebEx Meetings Server Command Injection Vulnerability
Advisory ID: cisco-sa-20150204-wbx
For Public Release 2015 February 4 16:00 UTC (GMT)
A vulnerability in the administrative web interface of Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary commands on the affected system and on the devices managed by the affected system.
The vulnerability is due to improper user input validation. An attacker could exploit this vulnerability by crafting input into the affected fields of the web interface.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
-----END PGP SIGNATURE-----