-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2167
       Multiple vulnerabilities have been identified in Cisco WebEx
                              Meetings Server
                             15 September 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco WebEx Meetings Server
Publisher:         Cisco Systems
Operating System:  Cisco
                   Virtualisation
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-1482 CVE-2016-1483 

Original Bulletin: 
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wms
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wem

Comment: This bulletin contains two (2) Cisco Systems security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco WebEx Meetings Server Remote Command Execution Vulnerability

Advisory ID: cisco-sa-20160914-wem

Revision 1.0

For Public Release 2016 September 14 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to bypass security restrictions on a host located in a DMZ and inject arbitrary commands on a targeted system.

The vulnerability is due to insufficient sanitization of user-supplied data processed by the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands into existing application scripts running on a targeted device located in a DMZ. Successful exploitation could allow an attacker to execute arbitrary commands on the device with elevated privileges.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wem

- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco WebEx Meetings Server Denial of Service Vulnerability

Advisory ID: cisco-sa-20160914-wms

Revision 1.0

For Public Release 2016 September 14 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to improper validation of user accounts by specific services. An unauthenticated, remote attacker could exploit this vulnerability by repeatedly attempting to access a specific service, causing the system to perform computationally intensive tasks and resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wms

- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----