Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Cisco Releases Second Patch for Webex Meetings Vulnerability

Cisco has released a new round of patches for a potentially serious Webex vulnerability first addressed one month ago.

Cisco has released a new round of patches for a potentially serious Webex vulnerability first addressed one month ago.

The vulnerability in question is tracked as CVE-2018-15442 and the Counter Hack researchers who discovered it have dubbed it WebExec. It affects releases prior to 33.6.4 of the Cisco Webex Meetings desktop app, and Webex Productivity Tools releases 32.6.0 and later, prior to 33.0.6.

Cisco first released fixes on October 24, when the researchers made their findings public along with proof-of-concept (PoC) code.

The security hole, caused by insufficient validation of user-supplied parameters, allows a local and authenticated attacker to execute arbitrary commands with SYSTEM privileges. However, Cisco warned that remote exploitation may also be possible in Active Directory deployments.

Days after the details of the vulnerability were made public, researchers at SecureAuth discovered that Cisco’s patch was incomplete – it can be bypassed using a technique known as DLL hijacking.

“The vulnerability can be exploited by copying to an a local attacker controller folder, the ptUpdate.exe binary. Also, a malicious dll must be placed in the same folder, named wbxtrace.dll,” SecureAuth wrote in an advisory published on Tuesday. “To gain privileges, the attacker must start the service with the command line: sc start webexservice install software-update 1 ‘attacker-controlled-path’ (if the parameter 1 doesn’t work, then 2 should be used).”

SecureAuth notified Cisco on November 9 and the networking giant quickly confirmed the findings. Cisco on Tuesday released a new set of patches and updated its initial advisory to inform users of the incomplete patch.

“After an additional attack method was reported to Cisco, the previous fix for this vulnerability was determined to be insufficient. A new fix was developed, and the advisory was updated on November 27, 2018, to reflect which software releases include the complete fix,” Cisco wrote.

SecureAuth’s advisory contains PoC code demonstrating the company’s findings.

Related: Cisco Patches Code Execution in Webex Player

Related: Cisco Patches Critical Flaws in WebEx, UCS Director

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.