Main Vulnerability Database Vulnerabilities #VU15811

#VU15811 XXE attack in Cisco WebEx Meetings Server - CVE-2018-18895

Published: November 12, 2018 / Updated: November 13, 2018

Vulnerability identifier: #VU15811

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-18895

CWE-ID: CWE-611

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco WebEx Meetings Server

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to conduct XXE-attack.

The vulnerability exists in the '/WBXServixe/XMLService' path name and 'siteName' parameters due to improper handling of XML External Entities (XXEs) when parsing an XML file. A remote attacker can trick the victim into open an XML file that submits malicious input and obtain potentially sensitive information.

Remediation

Update to version 2.8MR3, 3.0MR2 patch 1, or the upcoming 4.0.

External links

https://seclists.org/fulldisclosure/2018/Nov/0

#VU15811 XXE attack in Cisco WebEx Meetings Server - CVE-2018-18895

Description

Remediation

External links

Please verify you're human