===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2167
 Multiple vulnerabilities have been identified in Cisco WebEx Meetings Server
                             15 September 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco WebEx Meetings Server
Publisher:         Cisco Systems
Operating System:  Cisco Virtualisation
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-1482 CVE-2016-1483

Original Bulletin:
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wms
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wem

Comment: This bulletin contains two (2) Cisco Systems security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco WebEx Meetings Server Remote Command Execution Vulnerability

Advisory ID: cisco-sa-20160914-wem

Revision 1.0

For Public Release 2016 September 14 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in Cisco WebEx Meetings Server could allow an
unauthenticated, remote attacker to bypass security restrictions on a host
located in a DMZ and inject arbitrary commands on a targeted system.

The vulnerability is due to insufficient sanitization of user-supplied data
processed by the affected software. An attacker could exploit this
vulnerability by injecting arbitrary commands into existing application
scripts running on a targeted device located in a DMZ. Successful
exploitation could allow an attacker to execute arbitrary commands on the
device with elevated privileges.

Cisco has released software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wem

Cisco WebEx Meetings Server Denial of Service Vulnerability

Advisory ID: cisco-sa-20160914-wms

Revision 1.0

For Public Release 2016 September 14 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in Cisco WebEx Meetings Server could allow an
unauthenticated, remote attacker to cause a denial of service (DoS)
condition on a targeted system.

The vulnerability is due to improper validation of user accounts by
specific services. An unauthenticated, remote attacker could exploit this
vulnerability by repeatedly attempting to access a specific service,
causing the system to perform computationally intensive tasks and resulting
in a DoS condition.

Cisco has released software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wms

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================