A Cisco security advisory is warning users of a vulnerability in the firm's WebEx Meetings and WebEx Meetings Server that could allow a remote attacker to execute arbitrary code on their system.
The vulnerability, CVE-2018-0112, is due to an insufficient input validation by the WebEx clients. To take advantage of this flaw an attacker would send meeting attendees a malicious Flash (.swf) file through the client's file-sharing protocol, the advisory reported. If properly exploited the attacker will be able to run arbitrary code on the system of the targeted user.
The versions impacted are:
“Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability,” the company said.