Millions of people can be attacked through a vulnerability in the Cisco WebEx conferencing platform.
Services for webinars and online meetings of Cisco WebEx occupy more than half of the global web conferencing market (53%), their 3r-37s. use
over 20 million people. SkullSecurity and Counter Hack specialists this week. discovered 3r3386. vulnerability in the desktop version of WebEx for Windows, allowing to execute arbitrary commands with system privileges. 3r311. 3r3386.
What is the problem
Vulnerability identified in the service update application Cisco Webex Meetings Desktop for Windows and is associated with insufficient verification of user settings.
It can allow an authenticated local attacker to execute arbitrary commands as the privileged user of the SYSTEM. According to experts who have found a mistake, the vulnerability can also be used remotely.
The researchers say that the WebExService service with the argument software-update will launch any user command. Interestingly, to run commands, it uses the token from the system process winlogon.exe, that is, the commands will be run with maximum privileges in the system.
C: Usersron> sc ???.10 start webexservice a software-update 1 wmic process call create "cmd.exe" 3r3338.
Microsoft Windows[Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C: Windowssystem32> whoami
For remote operation, an attacker will need only a regular Windows tool to manage the sc.exe services.
How to protect yourself
To protect against this vulnerability, Cisco WebEx rolled out a patch with the addition of verification. Now the service checks if the executable file of the parameters is signed by WebEx. If the file does not have the correct signature, the service will stop working.
Users need to upgrade Cisco Webex Meetings Desktop to versions ??? and ???. To do this, you need to launch the Cisco Webex Meetings application and click the gear in the upper right corner of the application window, and then select the item “Check for updates” from the drop-down list.
Administrators can install the update at once for all their users, using the following 3r3357. recommendations from Cisco for mass deployment of application 3r3386. .
In addition, experts from Positive Technologies created a signature IDS Suricata to identify attempts to exploit the vulnerability 3r3633. CVE-2018-15442 and prevent them. Users PT Network Attack Discovery This rule is already available through the update mechanism.
3r373. Cisco WebEx. Probing and exploiting #RCE 3r376. #WebExec
Affected: 3r380. #Suricata
rules: 3r382. https://t.co/xTzuRcvEtS
3r3384. - Attack Detection (@AttackDetection) October 2? 201
It may be interesting