CVE-2018-0112

Name of the Vulnerable Software and Affected Versions Cisco WebEx Business Suite versions prior to T31.23.2 Cisco WebEx Business Suite versions prior to T32.10 Cisco WebEx Meetings versions prior to T32.10 Cisco WebEx Meetings Server versions prior to 2.8 MR2

Description A vulnerability in Cisco WebEx clients exists due to insufficient input validation, allowing an authenticated, remote attacker to execute arbitrary code on a targeted system. The attacker could exploit this by providing a malicious Flash (.swf) file via the file-sharing capabilities of the client. This could allow arbitrary code execution on the system of a targeted user.

Recommendations For Cisco WebEx Business Suite version prior to T31.23.2, update to version T31.23.2 or later. For Cisco WebEx Business Suite version prior to T32.10, update to version T32.10 or later. For Cisco WebEx Meetings version prior to T32.10, update to version T32.10 or later. For Cisco WebEx Meetings Server version prior to 2.8 MR2, update to version 2.8 MR2 or later.