A Cisco security advisory is warning users of a vulnerability in the firm's WebEx Meetings and WebEx Meetings Server that could allow a remote attacker to execute arbitrary code on their system.
The vulnerability, CVE-2018-0112, is due to an insufficient input validation by the WebEx clients. To take advantage of this flaw an attacker would send meeting attendees a malicious Flash (.swf) file through the client's file-sharing protocol, the advisory reported. If properly exploited the attacker will be able to run arbitrary code on the system of the targeted user.
The versions impacted are:
- Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.2
- Cisco WebEx Business Suite (WBS32) client builds prior to T32.10
- Cisco WebEx Meetings with client builds prior to T32.10
- Cisco WebEx Meetings Server builds prior to 2.8 MR2
“Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability,” the company said.