Attacker Value

High

Get System-level Code Execution Through Webex Vulnerability

Attacker Value

High

(1 user assessed)

Exploitability

Moderate

(1 user assessed)

User Interaction

Get System-level Code Execution Through Webex Vulnerability

Disclosure Date: October 24, 2018 •

CVE-2018-15442 CVSS v3 Base Score: 7.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

WebEx Local Service Permissions Exploit

WebEx Remote Command Execution Utility

WebExec Authenticated User Code Execution

Description

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.

Add Assessment

space-r7 (89)

May 09, 2019 5:57pm UTC (1 year ago)

Ratings

Attacker Value

High

Exploitability

Medium

Technical Analysis

Details

On vulnerable versions of Cisco’s Webex client software, any local or domain user can execute commands
with SYSTEM-level privileges. The software installs a service called WebExService, that once started,
will run commands at the SYSTEM level.

This exploit prompts for an Administrator verification on Windows 10 and requires credentials to exploit, but it
is still a useful exploit for targets prior to Windows 10.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

Cisco

Products

Cisco WebEx Event Center

Metasploit Modules

WebEx Local Service Permissions Exploit (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/webexec.rb)

WebEx Remote Command Execution Utility (https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/smb/webexec_command.rb)

WebExec Authenticated User Code Execution (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/webexec.rb)

References

Canonical

CVE-2018-15442 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15442)

BID-105734 (http://www.securityfocus.com/bid/105734)

Advisory

20181024 Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection)

EXPLOIT-DB-45696 (https://www.exploit-db.com/exploits/45696)

SECTRACK-1041942 (http://www.securitytracker.com/id/1041942)

EXPLOIT-DB-45695 (https://www.exploit-db.com/exploits/45695)

Rapid7

High