Last month, Cisco patched a command injection vulnerability in its Webex Meeting App. The vulnerability could allow arbitrary command execution by an attacker. While Cisco released the patch promptly, it had some issues. Recently, some other researchers have identified another attack method to exploit this vulnerability. Eventually, Cisco fixed previous incomplete patch by releasing new fixes.
Another Exploit For Webex Meeting App Vulnerability
As reported in October, Cisco’s Webex Desktop Meeting app had a serious security flaw. The vulnerability (CVE-2018-15442) could let an attacker execute arbitrary commands on a targeted device by gaining SYSTEM user privileges.
The vulnerability existed in the app due to “insufficient validation of user-supplied parameters”. After the discovery of the flaw, Cisco released patches for it in the Webex Meetings Desktop app version 33.5.6 and Cisco Webex Productivity Tools v.33.0.5.
However, recently, different researchers reported to Cisco that the vulnerability still existed in the patched versions. They allegedly discovered another method to exploit the bug. As discovered by Marcos Accossatto from SecureAuth,
“The update service of Cisco Webex Meetings Desktop App for Windows does not properly validate user-supplied parameters.”
SecureAuth has shared Accossatto’s findings in an advisory. They have also shared the detailed proof of concept for the attack method. Describing the exploit, they stated,
“The vulnerability can be exploited by copying to a local attacker controller folder, the ptUpdate.exe binary. Also, a malicious dll must be placed in the same folder, named wbxtrace.dll. To gain privileges, the attacker must start the service with the command line: sc start webexservice install software-update 1 “attacker-controlled-path” (if the parameter 1 doesn’t work, then 2 should be used).”
In addition to Marcos Accossatto, Cisco has also acknowledged Timothy Ferrell, Steven Seeley of Source Incite, and Ron Bowes of Counter Hack to report the additional attack.
Cisco Fixed Previous Incomplete Patch
After receiving reports of a new attack method, Cisco fixed a previous incomplete patch by releasing new updates. According to Cisco, while talking about the vulnerable products:
“This vulnerability affects all Cisco Webex Meetings Desktop App releases prior to 33.6.4, and Cisco Webex Productivity Tools Releases 32.6.0 and later prior to 33.0.6 when running on a Microsoft Windows end-user system.”
Consequently, Cisco patched the flaw in the Webex Meetings Desktop App Release 33.6.4 and later, and Webex Productivity Tools v.33.0.6 and later.
Take your time to comment on this article.
