Security researchers have found a flaw in WebEx's WebexUpdateService that allows anyone with a login to the Windows system where Cisco's client software is installed to run system-level code remotely.
The vulnerability is "fairly unique" as it is "a remote vulnerability in a client application that doesn't even listen on a port", according to a blog post by Ron Bowes and Jeff McJunkin of Counter Hack.
When the WebEx client is installed on a system, a Windows service called WebExService is also installed that can execute commands with system-level privilege.
According to a website detailing the hack, because of poorly handled access control lists (ACLs), any local or domain user can start this service over Windows' remote service interface, except those running the client on Windows 10 (which requires an admin login).
"As far as we know, a remote attack against a third party Windows service is a novel type of attack. We're calling the class 'thank you for your service', because we can, and are crossing our fingers that more are out there!" Bowes said.
Bowes said that exploiting the vulnerability is "actually easier than checking for it".
"The patched version of WebEx still allows remote users to connect to the process and start it," he explained. "However, if the process detects that it is being asked to run an executable that is not signed by Webex, the execution will halt."
In an advisory, Cisco said the vulnerability is due to insufficient validation of user-supplied parameters. "An attacker could exploit this vulnerability by invoking the update service command with a crafted argument," the advisory said.
Bowes said that WebEx released a patch on 3 October and that users should make sure they are running this new client version.
"The good news is, the patched version of this service will only run files that are signed by WebEx. The bad news is, there are a lot of these out there (including the vulnerable version of the service!), and the service can still be started remotely," he said.
The Cisco advisory said that users can determine whether a vulnerable version of Cisco Webex Meetings Desktop App is installed on a Windows machine by launching the Cisco Webex Meetings application, clicking the gear icon in the top right of the application window, and then selecting the About… menu entry. A popup window displaying the currently installed version will open.
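The same three points the article raises (whether the service is present and what version it runs, whether its binary is signed and by whom, and who the service's ACL allows to start it) can be inventoried from the command line. The following PowerShell script is an added example, not part of the article or of Cisco's or Counter Hack's tooling; it assumes the service is registered under one of the two names the article uses (WebExService or WebexUpdateService) and is run from an elevated session.

```powershell
# Added example: inventory the WebEx update service on a Windows host.
# Assumptions: service name is one of the two the article mentions; elevated session.
$candidateNames = @('WebExService', 'WebexUpdateService')

$svc = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $candidateNames -contains $_.Name } |
    Select-Object -First 1

if (-not $svc) {
    Write-Output "No WebEx update service found under: $($candidateNames -join ', ')"
    return
}

Write-Output "Service : $($svc.Name) ($($svc.DisplayName))"
Write-Output "State   : $($svc.State); StartMode: $($svc.StartMode); RunAs: $($svc.StartName)"

# PathName may be quoted and may carry arguments; keep only the executable path.
$exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($svc.PathName -split ' ')[0] }
Write-Output "Binary  : $exe"

if (Test-Path -LiteralPath $exe) {
    # File version lets an admin compare against the patched release; the Authenticode
    # check shows whether the service binary itself is signed and by which publisher.
    $ver = (Get-Item -LiteralPath $exe).VersionInfo
    Write-Output "Version : $($ver.FileVersion)  Product: $($ver.ProductName)"
    $sig = Get-AuthenticodeSignature -FilePath $exe
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
    Write-Output "Signing : $($sig.Status) by $signer"
} else {
    Write-Output "Binary path not found on disk; review the service configuration."
}

# Dump the service's security descriptor. In service SDDL the 'RP' right is SERVICE_START;
# an ACE granting RP to broad groups such as AU (Authenticated Users), IU (Interactive),
# BU (Users) or WD (Everyone) is what lets ordinary users start the service, which the
# article identifies as the root of the issue. Admin/SYSTEM-only start is the expected state.
$sddl = (& sc.exe sdshow $svc.Name | Where-Object { $_ -match '^D:' }) -join ''
Write-Output "SDDL    : $sddl"
$broadStart = [regex]::Matches($sddl, '\(A;[^;]*;[^;]*RP[^;]*;;;(AU|IU|BU|WD|S-1-5-11|S-1-1-0)\)')
if ($broadStart.Count -gt 0) {
    $aces = ($broadStart | ForEach-Object { $_.Value }) -join ' '
    Write-Output "Review  : start (RP) right granted to broad principal(s): $aces"
} else {
    Write-Output "Review  : no broad principal holds the start (RP) right in the DACL."
}
```

The SDDL review is a heuristic over well-known SIDs only; custom groups granted RP will appear in the printed descriptor but are not flagged automatically.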