Cisco Webex Productivity Tools and the Cisco Webex Meetings Desktop App Releases Security Updates – October 24, 2018

Due to a design weakness in its ACL, WebExService can execute arbitrary commands at SYSTEM-level privilege.

The remedy below only resets the service to the default permissions.

sc sdset webexservice D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPLORC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

However, you should still update your Cisco Webex Meetings Desktop App installation to release 33.6.0 or later, because without the patch WebExService will still be vulnerable to local privilege escalation!

The official announcement is below for your reference.
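To see what the descriptor in the `sc sdset` command above actually grants, here is an added example (not part of the original post or of Cisco's advisory): a small Python decoder that lists which non-administrative trustees hold start or reconfiguration rights on the service. The set of rights flagged as sensitive, the trustee-name table and the function names are assumptions of this example, and it expects rights in two-letter SDDL form.

```python
import re

# Meaning of SDDL two-letter rights when applied to a Windows service object.
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
# Well-known SID aliases; trustees not listed are reported by their raw string.
SIDS = {"SY": "Local System", "BA": "Builtin Administrators",
        "IU": "Interactive Users", "SU": "Service Logon Users",
        "AU": "Authenticated Users", "WD": "Everyone", "BU": "Builtin Users"}
PRIVILEGED = {"SY", "BA"}  # assumption: only these should control the service
SENSITIVE = {"START", "CHANGE_CONFIG", "WRITE_DAC", "WRITE_OWNER"}  # assumption

# The descriptor from the sc sdset command above.
PAGE_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
             "(A;;CCLCSWRPWPLORC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
             "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

def parse_dacl(sddl):
    """Return [(ace_type, trustee, [right names])] for the D: (DACL) part only."""
    m = re.search(r"D:[^()]*((?:\([^)]*\))*)", sddl)
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1) if m else ""):
        fields = body.split(";")
        if len(fields) < 6:
            raise ValueError("malformed ACE: (%s)" % body)
        ace_type, _flags, rights, _obj, _inherit, trustee = fields[:6]
        names = [SERVICE_RIGHTS.get(rights[i:i + 2], rights[i:i + 2])
                 for i in range(0, len(rights), 2)]
        aces.append((ace_type, trustee, names))
    return aces

def risky_grants(sddl):
    """Map each non-privileged trustee to the sensitive rights an allow ACE gives it."""
    findings = {}
    for ace_type, trustee, rights in parse_dacl(sddl):
        if ace_type == "A" and trustee not in PRIVILEGED:
            hit = sorted(SENSITIVE.intersection(rights))
            if hit:
                findings[SIDS.get(trustee, trustee)] = hit
    return findings

if __name__ == "__main__":
    for who, rights in risky_grants(PAGE_SDDL).items():
        print("%s: %s" % (who, ", ".join(rights)))
```

The same function can be fed the string printed by `sc sdshow webexservice` on a host. On the descriptor above it reports that Interactive Users keep the right to start the service.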

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection