-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2015.0282
Cisco Security Advisory
Cisco WebEx Meetings Server Command Injection Vulnerability
5 February 2015

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Cisco WebEx Meetings Server
Publisher:         Cisco Systems
Operating System:  VMware ESX Server
                   Cisco
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-0589

Original Bulletin:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory

Cisco WebEx Meetings Server Command Injection Vulnerability

Advisory ID: cisco-sa-20150204-wbx

Revision 1.0

For Public Release 2015 February 4 16:00 UTC (GMT)

- - ---------------------------------------------------------------------------------------

Summary
=======

A vulnerability in the administrative web interface of Cisco WebEx Meetings
Server could allow an authenticated, remote attacker to execute arbitrary
commands on the affected system and on the devices managed by the affected
system.

The vulnerability is due to improper user input validation. An attacker
could exploit this vulnerability by crafting input into the affected fields
of the web interface.

Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----