This security advisory describes one medium-risk vulnerability.
The vulnerability allows a remote user to execute arbitrary commands on the target system.
The vulnerability exists due to improper validation of user-supplied input in the web-based management interface. A remote administrator can send a specially crafted request and execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Cisco Webex Video Mesh: 2018.10.04.1692m, 2018.10.04.1694m, 2018.10.11.1702m, 2018.11.01.1722m, 2018.11.10.1730m, 2018.11.19.1744m, 2018.11.19.1744m1, 2018.12.11.1753m, 2019.01.14.1764m.1, 2019.01.29.1773m, 2019.02.12.1786m, 2019.03.22.1829m.2, 2019.04.18.1869m.1, 2019.04.29.1873m, 2019.04.29.1873m.4, 2019.05.20.1892m1, 2019.06.13.1907m.1, 2019.06.13.1907m.3, 2019.07.12.1917m, 2019.08.01.1929m, 2019.08.14.1937m, 2019.08.21.1941m.2
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.