CVE-2018-0112
https://notcve.org/view.php?id=CVE-2018-0112
A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client. Exploitation of this vulnerability could allow arbitrary code execution on the system of a targeted user. This affects the clients installed by customers when accessing a WebEx meeting.
• http://www.securityfocus.com/bid/103920
• http://www.securitytracker.com/id/1040709
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs
• CWE-20: Improper Input Validation
CVE-2018-0109
https://notcve.org/view.php?id=CVE-2018-0109
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server that could allow an attacker who is authenticated as root to gain shared secrets. An attacker could exploit the vulnerability by accessing the root account and viewing sensitive information. Successful exploitation could allow the attacker to discover sensitive information about the application.
• http://www.securityfocus.com/bid/102722
• http://www.securitytracker.com/id/1040235
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms1
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-0111
https://notcve.org/view.php?id=CVE-2018-0111
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by utilizing available resources to study the customer network. An exploit could allow the attacker to discover sensitive data about the application.
• http://www.securityfocus.com/bid/102723
• http://www.securitytracker.com/id/1040237
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms3
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-0108
https://notcve.org/view.php?id=CVE-2018-0108
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the ability of an attacker to perform an out-of-band XXE injection on the system, which could allow an attacker to capture customer files and redirect them to another destination address. An exploit could allow the attacker to discover sensitive customer data. Cisco Bug IDs: CSCvg36996.
• http://www.securityfocus.com/bid/102720
• http://www.securitytracker.com/id/1040238
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2018-0110
https://notcve.org/view.php?id=CVE-2018-0110
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which would not disable access to specifically configured user accounts, even after access had been disabled in the web application. An attacker could exploit this vulnerability by connecting to the remote support account, even after it had been disabled at the web application level. An exploit could allow the attacker to modify server configuration and gain access to customer data. Cisco Bug IDs: CSCvg46741.
• http://www.securityfocus.com/bid/102773
• http://www.securitytracker.com/id/1040236
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms2
• CWE-254: 7PK - Security Features
• CWE-863: Incorrect Authorization