WebExec – an authenticated RCE vulnerability in Cisco WebEx client

Hey all,

During a pentest a couple months back, me and my coworker (/u/jeffmcjunkin) stumbled upon an 0-day in Cisco WebEx. It’s neat because it’s a remote code execution vulnerability in a client-side app due to bad ACLs.

We wrote a high-level doc about it, and also a deep dive into why it works.

You can also find Nmap scripts to check for it (already pushed to svn) as well as Metasploit modules to exploit it (in a metasploit fork) linked from there.

I thought you guys would be interested! Please patch!

submitted by /u/iagox86 to r/netsec