Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.0282
Cisco Security Advisory Cisco WebEx Meetings Server Command
Injection Vulnerability
5 February 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco WebEx Meetings Server
Publisher: Cisco Systems
Operating System: VMware ESX Server
Cisco
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2015-0589
Original Bulletin:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory Cisco WebEx Meetings Server Command Injection Vulnerability
Advisory ID: cisco-sa-20150204-wbx
Revision 1.0
For Public Release 2015 February 4 16:00 UTC (GMT)
- - ---------------------------------------------------------------------------------------
Summary
=======
A vulnerability in the administrative web interface of Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary commands on the affected system and on the devices managed by the affected system.
The vulnerability is due to improper user input validation. An attacker could exploit this vulnerability by crafting input into the affected fields of the web interface.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iQIVAwUBVNIdpopI1I6i1Mx3AQK3jg//VoUsfkTzWyRDXjeEMWLJczcH/GCN+c7c
C4yqhNM0qZfe9klBfpaTBgXUQ1m4zgEtqnJrceESCIiLkNj5G3u6DKq0gwlXpc+t
59qV6D+kCxyS8gGv9sdjDrZmk7ZzlKxpPoVeSgw7qFqPg95YnoQsGv06s5ddJy5b
fAqqGrnnkEZA6feFmg/bC79qKpE3vPck8vB+Zkgcr5VkhnwhWBwBFGj6TQzvs5ao
GQkh4aGZYwA1y1Ub9ZCiPULhiJqAs/3/+JoEzuJ+Vap4D7jRGqQXIcO1dxwiWMp8
IaLThYMERWkIUHB9EEijkuERsPEL2VNRlVlqorRpWOAqIDmR9xVjRWaUzxxLMN0K
Aqe966KM9cjEL1l+XOCbxSxVGuduAOXqrU6izrjHfCO2mk3i3wopg4F0ubBndl2x
ljZ/wgfQsBD6Ec4HE9LSpZUZRI7W5jghbiI2xkc8/yW2RfKQMvRuGpLZhDq1kU4X
hKMzNz2jS7kzC+u1VZQQiSPJH+15iRuCmoAlFQl4+gc2o0dGRq02AFI2ifSAjVvn
UlbO42dkcN1MIHpCnb3l/CLQz54rTCvbwizgEbgX0+adyZekdhKepn4yLwgGOiJC
hC5cvxruTphTfmdA1DYBWGAQOkc5U5LQ389T1imSEoI5Wbj+cO1O5Nc5fluY3Wj0
hSX1YVQ1B4Q=
=+3An
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVNK9iBLndAQH1ShLAQIyYA//dlWB6qk9nrtVvhZcTTzQu4nW5QC+ntB0
88Tg9zzN0pLkLKoP14I3an8GaKc9J2Vt81HF+4R0PUu6NHT53/maGR37oHlbU7Ka
2buH5RzgL0cDChLPFDjfAvHdnUmscv+R5H2p0Vc3OMyVwoe+gQghRmQ1Vv6ociUa
fUP6VFh0OVruFmgb+7drdlHZmCVI/yK9QcRUBBiqMAHjPbftC2GlCf0K2pqb6j9R
tTxgKhhzxLSvJxHb+oOO520eUTJHKrT/tGuWfXkqMiBcVIB/eeCAeHUt3+l2tJJu
es7hiEzc7fxIIejwdAcWscPNhilHLPXo43uS6gOgw4eXZmZeAYgwkS7ntQN04+DK
ldp/Kk5wZ+kSwQ9WZsBnCesggc/pPD+BPbiR+JwDksNAhe4yMH//np1Gq57aJIZ6
Cw1iUZKfzTXaGolhKiEaa5eAu7mYnym0Zn/ZKpdkXLLwBfjuDrcGnyEokM/yLblp
QrqXQrVl4mxXfSaH4Dv+sItzS7bLTtd9IEN9Sav6sQNiGF2mT8RwugxcHqOXPLgt
xD4vtX/Dj7IW3eeBpMJGjymaa1WPfvJZv7T9ulcvE0FW36TIHTsY4vIXu9Yy068Z
9J8x2NA7trqirUhOSKEvI+QZoJRwp4BIMKF8vkvX6QndKlRdjuBYmP1IeqRV2H7j
qozRB+vDioA=
=mNyP
-----END PGP SIGNATURE-----