Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2018.0182
Multiple vulnerabilities have been identified in Cisco WebEx
Meetings Server
18 January 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco WebEx Meetings Server
Publisher: Cisco Systems
Operating System: Cisco
VMware ESX Server
Impact/Access: Access Confidential Data -- Remote/Unauthenticated
Unauthorised Access -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2018-0111 CVE-2018-0110 CVE-2018-0109
CVE-2018-0108
Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms3
Comment: This bulletin contains four (4) Cisco Systems security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
Cisco Security Advisory
Cisco WebEx Meetings Server Remote Account Disabling Vulnerability
Medium
Advisory ID: cisco-sa-20180117-wms2
First Published: 2018 January 17 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs:
CSCvg46741
CVSS Score:
Base 6.4
Base 6.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X
CVE-2018-0110
CWE-254
Summary
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated,
remote attacker to access the remote support account even after it has been
disabled via the web application.
The vulnerability is due to a design flaw in Cisco WebEx Meetings Server,
which would not disable access to specifically configured user accounts, even
after access had been disabled in the web application. An attacker could
exploit this vulnerability by connecting to the remote support account, even
after it had been disabled at the web application level. An exploit could
allow the attacker to modify server configuration and gain access to customer
data.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms2
Affected Products
Vulnerable Products
This vulnerability affects Cisco WebEx Meetings Server. For information about
affected software releases, consult the Cisco bug ID(s) at the top of this
advisory.
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by this
vulnerability.
Cisco has confirmed that this vulnerability does not affect the following
Cisco-hosted WebEx products:
Cisco WebEx Meeting Center
Cisco WebEx Training Center
Cisco WebEx Event Center
Cisco WebEx Support Center
Cisco WebEx Meetings
Workarounds
There are no workarounds that address this vulnerability.
Fixed Software
For information about fixed software releases, consult the Cisco bug ID(s) at
the top of this advisory.
When considering software upgrades, customers are advised to regularly consult
the advisories for Cisco products, which are available from the Cisco Security
Advisories and Alerts page, to determine exposure and a complete upgrade
solution.
In all cases, customers should ensure that the devices to be upgraded contain
sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release. If
the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance providers.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any
public announcements or malicious use of the vulnerability that is described
in this advisory.
URL
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms2
Revision History
Version Description Section Status Date
1.0 Initial public release. Final 2018-January-17
LEGAL DISCLAIMER
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF
GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS
LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO
CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the
distribution URL is an uncontrolled copy and may lack important information or
contain factual errors. The information in this document is intended for end
users of Cisco products.
- ---
Cisco Security Advisory
Cisco WebEx Meetings Server Information Disclosure Vulnerability
Medium
Advisory ID: cisco-sa-20180117-wms
First Published: 2018 January 17 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs:
CSCvg36996
CVSS Score:
Base 5.3
Base 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
CVE-2018-0108
CWE-611
Summary
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated,
remote attacker to collect customer files via an out-of-band XML External
Entity (XXE) injection. An attacker could exploit this vulnerability to gain
information to conduct additional reconnaissance attacks.
The vulnerability is due to the ability of an attacker to perform an
out-of-band XXE injection on the system, which could allow an attacker to
capture customer files and redirect them to another destination address. An
exploit could allow the attacker to discover sensitive customer data.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms
Affected Products
Vulnerable Products
This vulnerability affects Cisco WebEx Meetings Server. For information about
affected software releases, consult the Cisco bug ID(s) at the top of this
advisory.
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by this
vulnerability.
Cisco has confirmed that this vulnerability does not affect the following
Cisco-hosted WebEx products:
Cisco WebEx Meeting Center
Cisco WebEx Training Center
Cisco WebEx Event Center
Cisco WebEx Support Center
Cisco WebEx Meetings
Workarounds
There are no workarounds that address this vulnerability.
Fixed Software
For information about fixed software releases, consult the Cisco bug ID(s) at
the top of this advisory.
When considering software upgrades, customers are advised to regularly consult
the advisories for Cisco products, which are available from the Cisco Security
Advisories and Alerts page, to determine exposure and a complete upgrade
solution.
In all cases, customers should ensure that the devices to be upgraded contain
sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release. If
the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance providers.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any
public announcements or malicious use of the vulnerability that is described
in this advisory.
Source
Cisco would like to thank Adam Willard of Blue Canopy for reporting this
vulnerability.
URL
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms
Revision History
Version Description Section Status Date
1.0 Initial public release. Final 2018-January-17
LEGAL DISCLAIMER
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF
GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS
LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO
CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the
distribution URL is an uncontrolled copy and may lack important information or
contain factual errors. The information in this document is intended for end
users of Cisco products.
- ---
Cisco Security Advisory
Cisco WebEx Meetings Server Information Disclosure Vulnerability
Medium
Advisory ID: cisco-sa-20180117-wms1
First Published: 2018 January 17 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs:
CSCvg42664
CVSS Score:
Base 5.0
Base 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:X/RL:X/RC:X
CVE-2018-0109
CWE-200
Summary
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated,
remote attacker to access sensitive data about the application. An attacker
could exploit this vulnerability to obtain information to conduct additional
reconnaissance attacks.
The vulnerability is due to a design flaw in Cisco WebEx Meetings Server that
could allow an attacker who is authenticated as root to gain shared secrets.
An attacker could exploit the vulnerability by accessing the root account and
viewing sensitive information. Successful exploitation could allow the
attacker to discover sensitive information about the application.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms1
Affected Products
Vulnerable Products
This vulnerability affects Cisco WebEx Meetings Server. For information about
affected software releases, consult the Cisco bug ID(s) at the top of this
advisory.
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by this
vulnerability.
Cisco has confirmed that this vulnerability does not affect the following
Cisco-hosted WebEx products:
Cisco WebEx Meeting Center
Cisco WebEx Training Center
Cisco WebEx Event Center
Cisco WebEx Support Center
Cisco WebEx Meetings
Workarounds
There are no workarounds that address this vulnerability.
Fixed Software
For information about fixed software releases, consult the Cisco bug ID(s) at
the top of this advisory.
When considering software upgrades, customers are advised to regularly consult
the advisories for Cisco products, which are available from the Cisco Security
Advisories and Alerts page, to determine exposure and a complete upgrade
solution.
In all cases, customers should ensure that the devices to be upgraded contain
sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release. If
the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance providers.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any
public announcements or malicious use of the vulnerability that is described
in this advisory.
URL
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms1
Revision History
Version Description Section Status Date
1.0 Initial public release. Final 2018-January-17
LEGAL DISCLAIMER
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF
GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS
LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO
CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the
distribution URL is an uncontrolled copy and may lack important information or
contain factual errors. The information in this document is intended for end
users of Cisco products.
- ---
Cisco Security Advisory
Cisco WebEx Meetings Server Information Disclosure Vulnerability
Medium
Advisory ID: cisco-sa-20180117-wms3
First Published: 2018 January 17 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs:
CSCvg46806
CVSS Score:
Base 5.3
Base 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
CVE-2018-0111
CWE-200
Summary
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated,
remote attacker to access sensitive data about the application. An attacker
could exploit this vulnerability to gain information to conduct additional
reconnaissance attacks.
The vulnerability is due to a design flaw in Cisco WebEx Meetings Server,
which could include internal network information that should be restricted. An
attacker could exploit the vulnerability by utilizing available resources to
study the customer network. An exploit could allow the attacker to discover
sensitive data about the application.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms3
Affected Products
Vulnerable Products
This vulnerability affects Cisco WebEx Meetings Server. For information about
affected software releases, consult the Cisco bug ID(s) at the top of this
advisory.
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by this
vulnerability.
Cisco has confirmed that this vulnerability does not affect the following
Cisco-hosted WebEx products:
Cisco WebEx Meeting Center
Cisco WebEx Training Center
Cisco WebEx Event Center
Cisco WebEx Support Center
Cisco WebEx Meetings
Workarounds
There are no workarounds that address this vulnerability.
Fixed Software
For information about fixed software releases, consult the Cisco bug ID(s) at
the top of this advisory.
When considering software upgrades, customers are advised to regularly consult
the advisories for Cisco products, which are available from the Cisco Security
Advisories and Alerts page, to determine exposure and a complete upgrade
solution.
In all cases, customers should ensure that the devices to be upgraded contain
sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release. If
the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance providers.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any
public announcements or malicious use of the vulnerability that is described
in this advisory.
URL
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms3
Revision History
Version Description Section Status Date
1.0 Initial public release. Final 2018-January-17
LEGAL DISCLAIMER
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF
GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS
LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO
CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the
distribution URL is an uncontrolled copy and may lack important information or
contain factual errors. The information in this document is intended for end
users of Cisco products.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWl/oB4x+lLeg9Ub1AQjIWg/8CVPSo8EDc2SfGdasgIFZAtahMYzmxHxj
t6Xo2JvXPxUtEklhdfAAIc9K4ThI5OMMyh7J2lNY1m4FFcM1QNe+HIp6A/g1on62
WsERz4+JECbLv8Zm2xb6vAacLlfl0sm3kGkm5fKgyVmSz6lBc/JZQf6dZVuCj4jO
bcRgah8Bi3XDN1Il04QnHUcE6HXPfPvOlp1siXCiIl34toIc9mSgjhHK0mlnebA2
TuvQlF+h0w8L2Wp3OTF6Zo20P+XeEpSjYcreiP4yXTgQHGOqk5486E1sQywPcPoh
R34m4aTiXBleVRAzsMuUfTF2oqE0jhpLOgWBb4y8PVm32VLQMlW9KuERIM2XqEDB
CW0y8+qQRTzwp5hbk+gpFGvBp03qRLlN2nUIQbTVyqpy0HgwsXKIxIIC1ZEcowEO
/BBLljEpT4mAwErdgeKtYH7upDuyzyN+m9avY8PrIXy2QmYWIWl7CaCfO5/e8xW8
R9eUgTbI6fhiS8+uERjp08LWUDRYX5qnOxiVFNC7lu1pr5zHXkMimemCxptftvvW
4oQW3cMzKBmYcmCQIKNpVzOaPxMBo5FIcxgXKleGd7yIZIzVbpAtcRAe6ozOHGMb
35b7tdxWxImgQDhis051ZFyLtG6tivMvpO+w+x6yZxj9/VHszmCUuazblWGPCTjW
pYd0oooLokw=
=Z51N
-----END PGP SIGNATURE-----