Security News > 2018 > April > Cisco plugs critical hole in WebEx, users urged to upgrade ASAP
2018-04-19 12:11
Cisco has fixed a critical vulnerability in its WebEx videoconferencing software that could be exploited to compromise meeting attendees’ systems by simply opening a booby-trapped Flash file shared in a meeting. About the vulnerability (CVE-2018-0112) The flaw is due to insufficient input validation by the Cisco WebEx clients, and affects Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server. (The Cisco WebEx Business Suite (WBS) meeting services and Cisco WebEx Meetings … More → The post Cisco plugs critical hole in WebEx, users urged to upgrade ASAP appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/9mf5QMMhLj8/
Related news
- Cisco warns of Webex for BroadWorks flaw exposing credentials (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw (source)
- Cisco Webex bug lets hackers gain code execution via meeting links (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-19 | CVE-2018-0112 | Improper Input Validation vulnerability in Cisco products A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. | 9.0 |