Guest

Preview Tool

Cisco Bug: CSCvh66250 - Cisco Webex Teams Remote Code Execution Vulnerability

Last Modified

May 01, 2019

Products (1)

  • Cisco Webex Teams

Known Affected Releases

unspecified

Description (partial)

Symptom:
A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. 

The vulnerability is due to Cisco Webex Teams failing to properly sanitize input. An attacker could exploit the vulnerability by sending a user a malicious link and persuading a user to follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-teams-rce

Conditions:
Please refer to Security Advisory.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.