Cisco WebEx Meetings Server Command Injection Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to perform a command injection attack.

The vulnerability occurs due to the expectation of a certain file type during an upload. An attacker could exploit this vulnerability by using crafted command arguments on the system. An exploit could allow the attacker to perform a command injection attack, which could allow the attacker to execute arbitrary commands on the system.

Cisco released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/29HTSbP A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to perform a command injection attack.

The vulnerability occurs due to the expectation of a certain file type during an upload. An attacker could exploit this vulnerability by using crafted command arguments on the system. An exploit could allow the attacker to perform a command injection attack, which could allow the attacker to execute arbitrary commands on the system.

Cisco released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/29HTSbP
Security Impact Rating: Medium
CVE: CVE-2016-1450

from Cisco Security Advisory http://ift.tt/29HTSbP