Privilege escalation in Cisco WebEx Room
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-6242 |
| CWE-ID | CWE-120 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Cisco WebEx Room Kit PLus Client/Desktop applications / Multimedia software Cisco WebEx Room Kit Client/Desktop applications / Multimedia software Cisco WebEx Room 70 Client/Desktop applications / Multimedia software Cisco WebEx Room 55 Client/Desktop applications / Multimedia software |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU13416
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-6242
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a physical attacker to gain elevated privileges on the target system.
The vulnerability exists due to a buffer overflow vulnerability in NVIDIA TX1 BootROM when Recovery Mode (RCM) is active. A physical attacker can bypass secure boot and execute unverified code with elevated privileges.
MitigationUpdate to version 9.2.6, 9.3.2.
Cisco WebEx Room Kit PLus: before 9.3.2
Cisco WebEx Room Kit: before 9.3.2
Cisco WebEx Room 70: before 9.3.2
Cisco WebEx Room 55: before 9.3.2
External linksQ & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
