ESB-2018.0182 - [Virtual][Cisco] Cisco WebEx Meetings Server: Multiple vulnerabilities 2018-01-18


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0182
       Multiple vulnerabilities have been identified in Cisco WebEx
                              Meetings Server
                              18 January 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco WebEx Meetings Server
Publisher:         Cisco Systems
Operating System:  Cisco
                   VMware ESX Server
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
                   Unauthorised Access      -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-0111 CVE-2018-0110 CVE-2018-0109
                   CVE-2018-0108

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms2
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms1
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms3

Comment: This bulletin contains four (4) Cisco Systems security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Advisory

Cisco WebEx Meetings Server Remote Account Disabling Vulnerability

Medium

Advisory ID: cisco-sa-20180117-wms2

First Published: 2018 January 17 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs:

CSCvg46741

CVSS Score:

Base 6.4

Base 6.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X

CVE-2018-0110

CWE-254


Summary

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, 
remote attacker to access the remote support account even after it has been 
disabled via the web application.

The vulnerability is due to a design flaw in Cisco WebEx Meetings Server: for
certain specifically configured user accounts, disabling the account in the web
application does not actually disable access to it. An attacker could exploit
this vulnerability by connecting to the remote support account after it had
been disabled at the web application level. An exploit could allow the attacker
to modify the server configuration and gain access to customer data.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms2

Affected Products

Vulnerable Products

This vulnerability affects Cisco WebEx Meetings Server. For information about
affected software releases, consult the Cisco bug ID(s) at the top of this 
advisory.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this 
vulnerability.

Cisco has confirmed that this vulnerability does not affect the following 
Cisco-hosted WebEx products:

 Cisco WebEx Meeting Center

 Cisco WebEx Training Center

 Cisco WebEx Event Center

 Cisco WebEx Support Center

 Cisco WebEx Meetings

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s) at
the top of this advisory.

When considering software upgrades, customers are advised to regularly consult
the advisories for Cisco products, which are available from the Cisco Security
Advisories and Alerts page, to determine exposure and a complete upgrade 
solution.

In all cases, customers should ensure that the devices to be upgraded contain
sufficient memory and confirm that current hardware and software 
configurations will continue to be supported properly by the new release. If 
the information is not clear, customers are advised to contact the Cisco 
Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any
public announcements or malicious use of the vulnerability that is described 
in this advisory.

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms2

Revision History

Version  Description              Section  Status  Date
1.0      Initial public release.           Final   2018-January-17

LEGAL DISCLAIMER

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF 
GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS
LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO 
CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the 
distribution URL is an uncontrolled copy and may lack important information or
contain factual errors. The information in this document is intended for end 
users of Cisco products.

- ---

Cisco Security Advisory

Cisco WebEx Meetings Server Information Disclosure Vulnerability

Medium

Advisory ID: cisco-sa-20180117-wms

First Published: 2018 January 17 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs:

CSCvg36996

CVSS Score:

Base 5.3

Base 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X

CVE-2018-0108

CWE-611

Summary

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated,
remote attacker to collect customer files via an out-of-band XML External 
Entity (XXE) injection. An attacker could exploit this vulnerability to gain 
information to conduct additional reconnaissance attacks.

The vulnerability is due to insufficient restriction of XML external entity
references (CWE-611), which allows an attacker to perform an out-of-band XXE
injection against the system: the server can be made to read customer files and
send their contents to another destination address chosen by the attacker. An
exploit could allow the attacker to discover sensitive customer data.
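The defensive counterpart to the flaw described above is a parser that never
honours a DTD or an entity declaration from untrusted input, since an
out-of-band external entity can only be introduced through those constructs.
The following gate is an added example written for this bulletin; it is not
Cisco code and says nothing about how Cisco WebEx Meetings Server itself parses
XML. It uses only the Python standard library (`xml.parsers.expat` and
`xml.etree.ElementTree`), and the three sample documents, including the
placeholder host `collector.invalid`, are constructed for the demonstration.

```python
"""Gate for untrusted XML input: refuse any document that declares a DTD or
entity before it reaches the application's parser (mitigation for CWE-611).
Added example, not Cisco code; uses only the Python standard library."""
import xml.parsers.expat
from xml.etree import ElementTree as ET


class UnsafeXML(ValueError):
    """Raised when an untrusted document declares a DOCTYPE or an entity."""


def _refuse_doctype(name, sysid, pubid, has_internal_subset):
    # Fires as soon as expat sees <!DOCTYPE ...>, before any entity is declared.
    raise UnsafeXML(f"DOCTYPE {name!r} declared; DTDs are not accepted from untrusted input")


def _refuse_entity(name, is_param, value, base, sysid, pubid, notation):
    # Defence in depth: an entity declaration can only appear inside a DTD,
    # so normally _refuse_doctype has already stopped the parse.
    kind = "external" if (sysid or pubid) else "internal"
    raise UnsafeXML(f"{kind} entity {name!r} declared; entity declarations are not accepted")


def _refuse_external_ref(context, base, sysid, pubid):
    # Returning 0 tells expat to abort rather than fetch the referenced resource.
    return 0


def check_untrusted_xml(data: bytes) -> None:
    """Raise UnsafeXML for DTD/entity use, ExpatError for malformed XML."""
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _refuse_doctype
    parser.EntityDeclHandler = _refuse_entity
    parser.ExternalEntityRefHandler = _refuse_external_ref
    parser.Parse(data, True)


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse only after the document has passed the gate."""
    check_untrusted_xml(data)
    return ET.fromstring(data)


def triage(data: bytes) -> str:
    """One-line verdict suitable for a request log or a WAF decision."""
    try:
        check_untrusted_xml(data)
    except UnsafeXML as exc:
        return f"rejected: {exc}"
    except xml.parsers.expat.ExpatError as exc:
        return f"rejected: malformed XML ({exc})"
    return "accepted"


# Constructed sample documents (not captured traffic).
SAFE_DOC = b'<?xml version="1.0"?><meeting id="42"><title>Weekly sync</title></meeting>'
# Shape of an out-of-band external entity: the declaration points the parser at
# a host outside the system; the hostname below is a placeholder.
OOB_XXE_DOC = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE meeting [ <!ENTITY ext SYSTEM "http://collector.invalid/probe"> ]>'
    b'<meeting>&ext;</meeting>'
)
MALFORMED_DOC = b'<meeting><title>unterminated'

if __name__ == "__main__":
    for label, doc in [("safe", SAFE_DOC), ("oob-xxe", OOB_XXE_DOC), ("malformed", MALFORMED_DOC)]:
        print(f"{label:10s} {triage(doc)}")
```

The gate rejects at the `<!DOCTYPE` token, so the external entity is never
declared, let alone resolved; the entity and external-reference handlers are
there only so the parser fails closed if the first check is ever bypassed. The
`triage` verdicts are the kind of signal worth logging at an XML-accepting
endpoint, because a DOCTYPE in client-supplied XML is a strong indicator of
probing for exactly the class of flaw this advisory describes.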

There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms

Affected Products

Vulnerable Products

This vulnerability affects Cisco WebEx Meetings Server. For information about
affected software releases, consult the Cisco bug ID(s) at the top of this 
advisory.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this 
vulnerability.

Cisco has confirmed that this vulnerability does not affect the following 
Cisco-hosted WebEx products:

Cisco WebEx Meeting Center

Cisco WebEx Training Center

Cisco WebEx Event Center

Cisco WebEx Support Center

Cisco WebEx Meetings

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s) at
the top of this advisory.

When considering software upgrades, customers are advised to regularly consult
the advisories for Cisco products, which are available from the Cisco Security
Advisories and Alerts page, to determine exposure and a complete upgrade 
solution.

In all cases, customers should ensure that the devices to be upgraded contain
sufficient memory and confirm that current hardware and software 
configurations will continue to be supported properly by the new release. If 
the information is not clear, customers are advised to contact the Cisco 
Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any
public announcements or malicious use of the vulnerability that is described 
in this advisory.

Source

Cisco would like to thank Adam Willard of Blue Canopy for reporting this 
vulnerability.

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms

Revision History

Version  Description              Section  Status  Date
1.0      Initial public release.           Final   2018-January-17


- ---

Cisco Security Advisory

Cisco WebEx Meetings Server Information Disclosure Vulnerability

Medium

Advisory ID: cisco-sa-20180117-wms1

First Published: 2018 January 17 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs:

CSCvg42664

CVSS Score:

Base 5.0

Base 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:X/RL:X/RC:X

CVE-2018-0109

CWE-200

Summary

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, 
remote attacker to access sensitive data about the application. An attacker 
could exploit this vulnerability to obtain information to conduct additional 
reconnaissance attacks.

The vulnerability is due to a design flaw in Cisco WebEx Meetings Server that
could allow an attacker who is authenticated as root to gain shared secrets. 
An attacker could exploit the vulnerability by accessing the root account and
viewing sensitive information. Successful exploitation could allow the 
attacker to discover sensitive information about the application.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms1

Affected Products

Vulnerable Products

This vulnerability affects Cisco WebEx Meetings Server. For information about
affected software releases, consult the Cisco bug ID(s) at the top of this 
advisory.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this 
vulnerability.

Cisco has confirmed that this vulnerability does not affect the following 
Cisco-hosted WebEx products:

Cisco WebEx Meeting Center

Cisco WebEx Training Center

Cisco WebEx Event Center

Cisco WebEx Support Center

Cisco WebEx Meetings

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s) at
the top of this advisory.

When considering software upgrades, customers are advised to regularly consult
the advisories for Cisco products, which are available from the Cisco Security
Advisories and Alerts page, to determine exposure and a complete upgrade 
solution.

In all cases, customers should ensure that the devices to be upgraded contain
sufficient memory and confirm that current hardware and software 
configurations will continue to be supported properly by the new release. If 
the information is not clear, customers are advised to contact the Cisco 
Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any
public announcements or malicious use of the vulnerability that is described 
in this advisory.

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms1

Revision History

Version  Description              Section  Status  Date
1.0      Initial public release.           Final   2018-January-17


- ---

Cisco Security Advisory

Cisco WebEx Meetings Server Information Disclosure Vulnerability

Medium

Advisory ID: cisco-sa-20180117-wms3

First Published: 2018 January 17 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs:

CSCvg46806

CVSS Score:

Base 5.3

Base 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X

CVE-2018-0111

CWE-200

Summary

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated,
remote attacker to access sensitive data about the application. An attacker 
could exploit this vulnerability to gain information to conduct additional 
reconnaissance attacks.

The vulnerability is due to a design flaw in Cisco WebEx Meetings Server that
could expose internal network information which should be restricted. An
attacker could exploit the vulnerability by using the resources available to
them to study the customer network. An exploit could allow the attacker to
discover sensitive data about the application.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms3

Affected Products

Vulnerable Products

This vulnerability affects Cisco WebEx Meetings Server. For information about
affected software releases, consult the Cisco bug ID(s) at the top of this 
advisory.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this 
vulnerability.

Cisco has confirmed that this vulnerability does not affect the following 
Cisco-hosted WebEx products:

 Cisco WebEx Meeting Center

 Cisco WebEx Training Center

 Cisco WebEx Event Center

 Cisco WebEx Support Center

 Cisco WebEx Meetings

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s) at
the top of this advisory.

When considering software upgrades, customers are advised to regularly consult
the advisories for Cisco products, which are available from the Cisco Security
Advisories and Alerts page, to determine exposure and a complete upgrade 
solution.

In all cases, customers should ensure that the devices to be upgraded contain
sufficient memory and confirm that current hardware and software 
configurations will continue to be supported properly by the new release. If 
the information is not clear, customers are advised to contact the Cisco 
Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any
public announcements or malicious use of the vulnerability that is described 
in this advisory.

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms3

Revision History

Version  Description              Section  Status  Date
1.0      Initial public release.           Final   2018-January-17


- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
