Improper access control in Cisco WebEx Meetings Server - CVE-2018-0110

 


Published: January 18, 2018


Vulnerability identifier: #VU10101
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0110
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco WebEx Meetings Server

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to access the remote support account even after it has been disabled via the web application.

The vulnerability exists due to a design flaw in Cisco WebEx Meetings Server. A remote attacker can connect to the remote support account even after it has been disabled at the web application level, then modify the server configuration and gain access to customer data.


How to mitigate CVE-2018-0110

Install the update from the vendor's website.
