Main Vulnerability Database Vulnerabilities #VU14674

#VU14674 Security restrictions bypass in Cisco Webex Teams - CVE-2018-0436

Published: September 5, 2018 / Updated: September 6, 2018

Vulnerability identifier: #VU14674

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0436

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Webex Teams

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions.

The vulnerability exists due to the affected software performs insufficient checks for associations between user accounts and organization accounts. A remote attacker who has administrator or compliance officer privileges for one organization account can use those privileges to view and modify data for another organization account.

Remediation

Install update from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod

#VU14674 Security restrictions bypass in Cisco Webex Teams - CVE-2018-0436

Description

Remediation

External links

Please verify you're human