Multiple Cisco critical updates: Cisco WebEx, Cisco Secure Access Control System, Cisco Prime File Upload Servlet

Advisory: CERT.be Advisory #2018-012
Version: 1.0

Cisco WebEx Advanced Recording Format Remote Code Execution
CVSS: 9.6

Affected software:
• Cisco WebEx Business Suite meeting sites
• Cisco WebEx Meetings sites
• Cisco WebEx Meetings Server
• Cisco WebEx ARF players

Client software:
• Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4
• Cisco WebEx Business Suite (WBS32) client builds prior to T32.12
• Cisco WebEx Meetings with client builds prior to T32.12
• Cisco WebEx Meetings Server builds prior to 3.0 Patch 1

Type: remote arbitrary code execution

Cisco Secure Access Control System Remote Code Execution Vulnerability
CVSS: 9.8
Affected software:

• All releases of Cisco Secure ACS prior to Release 5.8 Patch 7

Type: remote arbitrary code execution

Cisco Prime File Upload Path Traversal and Remote Code Execution
CVSS: 9.8
Affected software:

• Cisco Prime Data Center Network Manager (DCNM) - Version 10.0 and later
• Cisco Prime Infrastructure (PI) - All versions

Type: remote arbitrary code execution

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...

Risks

CERT.be recommends that system administrators install the latest updates for all affected software listed in this advisory. All three vulnerabilities present the same risk: remote arbitrary code execution. Cisco lists no workarounds for any of them, so patching is the only fix; until the updates are applied, limit network exposure of the ACS and Prime management interfaces to trusted administrative networks and treat unsolicited WebEx recording (.arf) files as untrusted.

Summary

- Cisco WebEx Advanced Recording Format Remote Code Execution
A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings and Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. An attacker could exploit this vulnerability by sending the user a link or an email attachment containing a malicious Advanced Recording Format (ARF) file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. The Cisco WebEx players are applications used to play back WebEx meeting recordings made by an online meeting attendee. The player can be installed automatically when a user accesses a recording file hosted on a WebEx server, so a vulnerable player may be present on endpoints where it was never deliberately installed; an inventory of affected hosts should not rely on deployment records alone. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

- Cisco Secure Access Control System Remote Code Execution Vulnerability
A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is due to insufficient validation of Action Message Format (AMF) messages received by the component. An attacker could exploit this vulnerability by sending a crafted AMF message containing malicious code to a targeted user. A successful exploit could allow the attacker to execute arbitrary commands on the ACS device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

- Cisco Prime File Upload Path Traversal and Remote Code Execution
A vulnerability in the Cisco Prime File Upload servlet, which is shared by multiple Cisco products, could allow an unauthenticated, remote attacker to upload arbitrary files to any directory of a vulnerable device and execute those files. The servlet does not adequately validate the path supplied with an uploaded file, so directory traversal sequences in the filename let the attacker choose the destination directory instead of being confined to the intended upload location. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
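The following Python example is added here to illustrate the class of flaw described above; it is not Cisco's servlet code, and the upload directory, sample filenames and function names are constructed for the illustration (the real servlet's path, request format and internals are not given on this page). It shows an upload handler that trusts the client-supplied filename beside one that rejects any name carrying a directory component and then proves the final path is contained in the upload root.

```python
import posixpath

# Constructed example values; the real Prime servlet's upload directory and
# request format are not given in the advisory.
UPLOAD_ROOT = "/opt/app/uploads"

# Filenames as a client might supply them in a multipart upload (constructed).
SAMPLE_FILENAMES = [
    "report.csv",                        # benign
    "../../../etc/cron.d/job",           # traversal out of the upload root
    "..\\..\\webapps\\ROOT\\shell.jsp",  # Windows-style separators
    "/var/www/html/shell.php",           # absolute path replaces the root entirely
    "..",                                # the parent directory itself
]


def vulnerable_destination(upload_root, client_filename):
    """Before: the client-controlled filename is joined to the upload root as-is.

    posixpath.join discards upload_root when the filename is absolute, and
    normpath resolves "../" components, so the write lands wherever the client
    chose. This is the behaviour the advisory describes.
    """
    return posixpath.normpath(posixpath.join(upload_root, client_filename))


def is_traversal_attempt(client_filename):
    """Detection helper: True when the name carries any directory component.

    A legitimate upload never needs one, on either separator, so this is also a
    useful alerting condition for upload requests in web-server logs.
    """
    normalised = client_filename.replace("\\", "/")
    return "/" in normalised or normalised in ("", ".", "..")


def safe_destination(upload_root, client_filename):
    """After: reject anything that is not a plain filename, then prove containment.

    Returns the destination path under upload_root, or None when the request
    must be rejected.
    """
    root = posixpath.normpath(upload_root)
    if is_traversal_attempt(client_filename) or "\0" in client_filename:
        return None
    dest = posixpath.normpath(posixpath.join(root, client_filename))
    # Belt and braces: even if the filter above is loosened later, the result
    # must lie strictly inside root (commonpath also rejects "/opt/app/uploads2").
    if dest == root or posixpath.commonpath([root, dest]) != root:
        return None
    return dest


def compare(upload_root, filenames):
    """Run each filename through both handlers; returns (name, vulnerable, safe, flagged) rows."""
    return [
        (f, vulnerable_destination(upload_root, f),
         safe_destination(upload_root, f), is_traversal_attempt(f))
        for f in filenames
    ]


if __name__ == "__main__":
    for name, vuln, safe, flagged in compare(UPLOAD_ROOT, SAMPLE_FILENAMES):
        print(f"{name!r:36} vulnerable -> {vuln:28} safe -> {safe}  flagged={flagged}")
```

The hardened version rejects rather than sanitises (taking the basename silently would hide attack traffic that should be logged), treats both separator styles as directory separators because the same servlet code may run on Windows hosts, and still checks containment of the final path so the protection does not depend on a single filter. In a real Java servlet the containment check would be done on canonical paths (File.getCanonicalPath) so that symlinks inside the upload directory cannot point the write elsewhere.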

Remediation

Cisco has released free software updates that address the vulnerabilities described in this advisory. The upgrade procedure for each vulnerability is given in the related Cisco advisories linked below.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...