Full Disclosure mailing list archives
Critical vulnerability in Cisco WebEx - "WebExec"
From: Ron Bowes <ron () skullsecurity net>
Date: Wed, 24 Oct 2018 09:29:10 -0700
During a pentest a couple months back, me and my coworker (Jeff) stumbled upon an 0-day in Cisco WebEx. It's neat because it's a remote code execution vulnerability in a client-side app due to bad ACLs. Here's a high-level doc we put together: https://webexec.org And a technical deep dive: https://blog.skullsecurity.org/2018/technical-rundown-of-webexec You'll find Nmap and Metasploit modules linked from there. Cheers! Ron _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Critical vulnerability in Cisco WebEx - "WebExec" Ron Bowes (Oct 24)