A serious security vulnerability has been discovered in the Cisco Webex Meeting App for Windows, allowing attackers to gain code execution simply by tricking users into clicking a specially crafted meeting link.
The flaw, identified as a directory traversal vulnerability, affects the way the Webex application handles certain Uniform Resource Identifier (URI) links used to join meetings. Specifically, the webexmtg:// URI handler, which processes XML data containing meeting information, fails to properly sanitize user-supplied input within XML attributes.
This oversight means an attacker can insert directory traversal sequences (like ../../) into the XML data processed by the Webex app. By crafting a malicious link containing these sequences, an attacker can trick the application into reading or writing files in locations outside the intended Webex directory. This allows them to access sensitive data or, more critically, write malicious files to locations that facilitate code execution on the victim’s system.
Exploiting this vulnerability is relatively straightforward for an attacker. They could distribute the malicious link via email, instant message, or a website. If a user running a vulnerable version of the Webex client clicks this link, the crafted URI is processed, and the directory traversal allows the attacker to potentially achieve arbitrary file read/write operations, which can then be leveraged to execute malicious code on the affected machine. This could even potentially lead to privilege escalation, giving the attacker higher-level control over the system.
The vulnerability impacts Cisco Webex Meeting App for Windows versions 41.1.4 and earlier.
Cybersecurity researchers from CyberArk Labs are credited with discovering and reporting this critical flaw to Cisco.
Cisco has released patches to address this vulnerability. Users and organizations are strongly advised to update their Cisco Webex Meeting App for Windows to version 41.2 or later immediately. These patched versions correctly validate the input within the XML attributes parsed by the URI handler, preventing the directory traversal exploit.
Given the ease of exploitation via a simple meeting link and the potential for complete system compromise through code execution, failing to update puts users at significant risk. Prompt patching is essential to protect against potential attacks leveraging this vulnerability. Check your Webex version and apply the latest update without delay.
Source: https://www.bleepingcomputer.com/news/security/cisco-webex-bug-lets-hackers-gain-code-execution-via-meeting-links/
