From 'WebEx' to 'WebExec' to 'WTF, my PC!' Cisco rapped in chat app security flap

Sorry to spoil your day, Cisco admins and users, but it's time to patch Webex, again. A freshly disclosed exploitable security bug lies within Cisco Webex Meetings Desktop App for Windows, and while it's a privilege escalation bug one step below “critical”, and sitting pretty at "high," CVE-2018-15442 can be remotely abused in …

  1. alexdonald

    Check for updates...

    "Cisco Webex Meetings 33.5.6 is currently the latest version available"

    hmm...

    1. ds20prefecture

      Same issue - download links on main site inaccessible also

  2. Anonymous Coward

    nice that it never uninstalls itself

    The plug-in installs a fresh copy of itself every time you start a session, but it never removes itself after the fact. Reading about this my initial reaction was to think of all the machines that watched a single webinar years ago and are now vulnerable and will remain so probably indefinitely.

    When I started running across them years ago I was worried about something like this, and I have been serially wiping it off the machines in our business office and HR department for years. It will be interesting to see the browser fingerprint data on the plugin before and after this disclosure.

  3. Tom Paine

    Pedant klaxon

    “An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges.”

    Malware running locally on a machine, or a malicious logged-in user, could abuse this hole to gain system administrator rights

    Malware running as SYSTEM already has higher privs than Administrator.

Biting the hand that feeds IT © 1998–2021