Showing 1 - 4 of 4

CVE-2018-15442

Status Candidate

Overview

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.

Related Files

WebEx Remote Command Execution Utility: Posted Aug 31, 2024; Authored by Ron Bowes | Site metasploit.com; This Metasploit module enables the execution of a single command as System by exploiting a remote code execution vulnerability in Ciscos WebEx client software.; tags | exploit, remote, code execution; advisories | CVE-2018-15442; SHA-256 | ff7ba8eee04116c187733d871f1d2cdcba7bf879d893d5749316164a92cbcb78; Download | Favorite | View

Cisco WebEx Meetings Privilege Escalation: Posted Nov 28, 2018; Authored by Core Security Technologies, Marcos Accossatto | Site coresecurity.com; A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. This vulnerability is related to a previous security issue fixed by Cisco in October. Affected versions include Cisco Webex Meetings Desktop App releases prior to 33.6.4 and Cisco Webex Productivity Tools releases 32.6.0 and later prior to 33.0.6.; tags | exploit, local; systems | cisco, windows; advisories | CVE-2018-15442; SHA-256 | 8a6363eac36d1c77af2c188b62cc8afc4fb79e8cc7205275d6c75b242a765b2a; Download | Favorite | View

WebExec Authenticated User Code Execution: Posted Oct 24, 2018; Authored by Ron | Site metasploit.com; This Metasploit module uses a valid username and password of any level (or password hash) to execute an arbitrary payload. This Metasploit module is similar to the "psexec" module, except allows any non-guest account by default.; tags | exploit, arbitrary; advisories | CVE-2018-15442; SHA-256 | 62064773ec9a35ea65bfaad94997ca19e3bcbb3be2deb552ff222d7fe63317a4; Download | Favorite | View

WebEx Local Service Permissions Code Execution: Posted Oct 24, 2018; Authored by Jeff McJunkin | Site metasploit.com; This Metasploit module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations.; tags | exploit, arbitrary; systems | windows; advisories | CVE-2018-15442; SHA-256 | 5fd5f73708b7741614718b8a1cece16b9de49b88d3267e6f1549bbe34dc56a0a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 272 files
Ubuntu 60 files
Debian 19 files
Gentoo 8 files
Apple 5 files
Google Security Research 4 files
Jann Horn 3 files
Spencer McIntyre 3 files
LiquidWorm 3 files
Pierre Kim 2 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2018-15442

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems