Showing 1 - 3 of 3

CVE-2018-15442

Status Candidate

Overview

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.

Related Files

Cisco WebEx Meetings Privilege Escalation: Posted Nov 28, 2018; Authored by Core Security Technologies, Marcos Accossatto | Site coresecurity.com; A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. This vulnerability is related to a previous security issue fixed by Cisco in October. Affected versions include Cisco Webex Meetings Desktop App releases prior to 33.6.4 and Cisco Webex Productivity Tools releases 32.6.0 and later prior to 33.0.6.; tags | exploit, local; systems | cisco, windows; advisories | CVE-2018-15442; SHA-256 | 8a6363eac36d1c77af2c188b62cc8afc4fb79e8cc7205275d6c75b242a765b2a; Download | Favorite | View

WebExec Authenticated User Code Execution: Posted Oct 24, 2018; Authored by Ron | Site metasploit.com; This Metasploit module uses a valid username and password of any level (or password hash) to execute an arbitrary payload. This Metasploit module is similar to the "psexec" module, except allows any non-guest account by default.; tags | exploit, arbitrary; advisories | CVE-2018-15442; SHA-256 | 62064773ec9a35ea65bfaad94997ca19e3bcbb3be2deb552ff222d7fe63317a4; Download | Favorite | View

WebEx Local Service Permissions Code Execution: Posted Oct 24, 2018; Authored by Jeff McJunkin | Site metasploit.com; This Metasploit module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations.; tags | exploit, arbitrary; systems | windows; advisories | CVE-2018-15442; SHA-256 | 5fd5f73708b7741614718b8a1cece16b9de49b88d3267e6f1549bbe34dc56a0a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 217 files
indoushka 135 files
Ubuntu 92 files
Gentoo 33 files
Debian 27 files
Jasper Nota 25 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Google Security Research 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,110)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,913)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,631)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,781)
UNIX (9,441)
UnixWare (187)
Windows (6,676)
Other

CVE-2018-15442

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems