
Cisco rolls out new wave of must-install WebEx patches

Filip TRUȚĂ

May 04, 2018

Cisco has released several patches for users of WebEx clients and its Access Control System, all of which are mandatory if users want to keep using the products safely. The release comes two weeks after the networking giant issued critical patches for an array of WebEx installations.

Advisory CVE-2018-0264 says the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files suffers from a vulnerability that, if exploited, “could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user.”

Various organizations use the players to play back WebEx meeting recordings. If your installation comes as part of Cisco WebEx Business Suite, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, or the Cisco WebEx ARF Player, install the patch ASAP, as there are no workarounds for the flaw. To patch, users must perform a simple software update.

CVE-2018-0253 covers a weakness in the ACS Report component of Cisco Secure Access Control System (ACS) that could allow a remote attacker to take control of the system without having to authenticate as a valid user.

“Commands executed by the attacker are processed at the targeted user’s privilege level,” Cisco says. “The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successful exploit could allow the attacker to execute arbitrary commands on the ACS device.”

Finally, according to CVE-2018-0258, a vulnerability in the Cisco Prime File Upload servlet used by several Cisco products could allow a remote attacker to upload malicious files to a vulnerable device and carry out whatever they intend. Users must update the servlet to patch the vulnerability.

Quite a number of Cisco products, in fact, do not suffer from this particular flaw. All of those unaffected products are listed in the advisory.
