Rocksolid Light

Welcome to Rocksolid Light

mail  files  register  nodelist  faq  login

Everything should be made as simple as possible, but not simpler. -- Albert Einstein


rocksolid / Hacking / Re: Cisco Webex Meetings Desktop App

SubjectAuthor
* Cisco Webex Meetings Desktop AppAnonUser
`- Re: Cisco Webex Meetings Desktop AppAnonUser

1
Subject: Cisco Webex Meetings Desktop App
From: AnonUser
Newsgroups: rocksolid.shared.hacking
Organization: RetroBBS2 for Tor
Date: Fri, 26 Oct 2018 10:35 UTC
Path: rocksolid2!rocksolid0!rocksolid3!.POSTED.localhost!not-for-mail
From: AnonUser@retrobbs2.i2p (AnonUser)
Newsgroups: rocksolid.shared.hacking
Subject: Cisco Webex Meetings Desktop App
Date: Fri, 26 Oct 2018 10:35:24 -0000 (UTC)
Organization: RetroBBS2 for Tor
Message-ID: <c7bdc3116db7ef550ce30a46fad20189$1@dkzerogt6z6ybhcj.onion>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 26 Oct 2018 10:35:24 -0000 (UTC)
Injection-Info: rocksolidbbs.com; posting-host="localhost:127.0.0.1";
logging-data="6511"; mail-complaints-to="usenet@rocksolidbbs.com"
View all headers
Check out this new gaping hole in Ciscos Webex. Even after the patch you can still have a lot of fun with this. And easy, too (to exploit, I mean, not to find).

The article on skull is worth reading, the Cisco post is more to give a complete picture (not too many facts in that one, I'm afraid).

https://blog.skullsecurity.org/2018/technical-rundown-of-webexec

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection


--
Posted on RetroBBS II




Subject: Re: Cisco Webex Meetings Desktop App
From: AnonUser
Newsgroups: rocksolid.shared.hacking
Organization: Rocksolid Light
Date: Sat, 27 Oct 2018 00:48 UTC
References: 1
Path: rocksolid2!.POSTED.192.241.184.77!not-for-mail
From: AnonUser@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.hacking
Subject: Re: Cisco Webex Meetings Desktop App
Date: Sat, 27 Oct 2018 00:48:02 -0000 (UTC)
Organization: Rocksolid Light
Message-ID: <bcdb620d8db17e2abfbef0d5ea33a052$1@rslight.novabbs.com>
References: <c7bdc3116db7ef550ce30a46fad20189$1@dkzerogt6z6ybhcj.onion>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sat, 27 Oct 2018 00:48:02 -0000 (UTC)
Injection-Info: novabbs.com; posting-host="192.241.184.77";
logging-data="21374"; mail-complaints-to="usenet@novabbs.com"
View all headers
AnonUser wrote:

Check out this new gaping hole in Ciscos Webex. Even after the patch you can still have a lot of fun with this. And easy, too (to exploit, I mean, not to find).

The article on skull is worth reading, the Cisco post is more to give a complete picture (not too many facts in that one, I'm afraid).

https://blog.skullsecurity.org/2018/technical-rundown-of-webexec

Nice writeup of the problem and how to exploit. Looks like Cisco handled it pretty well.


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection



--
Posted on Rocksolid Light.




1
rocksolid light 0.7.2
clearneti2ptor