Vulnerability Details : CVE-2018-15442
Public exploit exists!
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.
Products affected by CVE-2018-15442
- cpe:2.3:a:cisco:webex_productivity_tools:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_desktop:*:*:*:*:*:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-15442
- EPSS score: 56.50% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~98% (the proportion of vulnerabilities scored at or below this score)
Metasploit modules for CVE-2018-15442
- WebExec Authenticated User Code Execution
  Disclosure Date: 2018-10-24. First seen: 2020-04-26. Module: exploit/windows/smb/webexec. This module uses a valid username and password of any level (or password hash) to execute an arbitrary payload. This module is similar to the "psexec" module, except that it allows any non-guest account by default. Author: Ron <ron@skullsecurity.net>
- WebEx Local Service Permissions Exploit
  Disclosure Date: 2018-10-09. First seen: 2020-04-26. Module: exploit/windows/local/webexec. This module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations. Author: Jeff McJunkin <jeff.mcjunkin@gmail.com>
- WebEx Remote Command Execution Utility
  First seen: 2020-04-26. Module: auxiliary/admin/smb/webexec_command. This module enables the execution of a single command as System by exploiting a remote code execution vulnerability in Cisco's WebEx client software. Author: Ron Bowes <ron@skullsecurity.net>
CVSS scores for CVE-2018-15442
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | Cisco Systems, Inc. | |
CWE ids for CVE-2018-15442
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
  Assigned by:
  - nvd@nist.gov (Primary)
  - ykramarz@cisco.com (Secondary)
References for CVE-2018-15442
- http://www.securityfocus.com/bid/105734
  Cisco Webex Meetings Desktop App CVE-2018-15442 Local Command Injection Vulnerability (Third Party Advisory; VDB Entry)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection
  Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability (Vendor Advisory)
- https://www.exploit-db.com/exploits/45695/
  WebExec - (Authenticated) User Code Execution (Metasploit) (Exploit; Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1041942
  Cisco WebEx Meetings File Processing Flaw Lets Remote Authenticated Users Execute Arbitrary Code - SecurityTracker (Third Party Advisory; VDB Entry)
- https://www.exploit-db.com/exploits/45696/
  WebEx - Local Service Permissions Exploit (Metasploit) (Exploit; Third Party Advisory; VDB Entry)