WebEx Remote Command Execution Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebEx Remote Command Execution Utility', 'Description' = %q This module enables the execution of a single command as System by exploiting a remot...

Cisco Webex Meetings Desktop App Update Service Command Injection (CVE-2018-15442)

A command injection vulnerability exists in Cisco Webex Meetings Desktop App. A remote authenticated attacker could exploit this vulnerability by invoking the update service command with a crafted argument. Successful exploitation results execution of arbitrary code in the security context of the...

Cisco WebEx Meetings Privilege Escalation

SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ Cisco WebEx Meetings Elevation of Privilege Vulnerability 1. Advisory Information Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability Advisory ID: CORE-2018-0011 Advisory URL:...

WebEx Local Service Permissions Code Execution Exploit

This Metasploit module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations. This module requires Metasploit: https://metasploit.com/download Current source:...

WebExec Authenticated User Code Execution Exploit

This Metasploit module uses a valid username and password of any level or password hash to execute an arbitrary payload. This Metasploit module is similar to the "psexec" module, except allows any non-guest account by default. This module requires Metasploit: https://metasploit.com/download Curre...

WebEx - Local Service Permissions Exploit (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebEx Local Service Permissions Exploit', 'Description' = %q This module exploits a flaw in the 'webexservice' Windows service, which runs as...

CVE-2018-15442

creationtimestamp| type| source ---|---|--- 2018-10-24 21:28:47+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/webexec.rb 2018-10-24 21:28:47+00:00| seen|...

CVE-2018-15442

CVE-2018-15442 concerns Cisco Webex Meetings Desktop App on Windows. The issue is a command-injection in the Update Service (WebExService) caused by insufficient validation of user-supplied parameters. An authenticated, local attacker could invoke the update command with a crafted argument and ex...

smb-vuln-webexec NSE Script

A critical remote code execution vulnerability exists in WebExService WebExec. See also: smb-webexec-exploit.nse Script Arguments smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. randomseed, smbbasic, smbport, smbsign See the...

WebExec Authenticated User Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Windows XP systems that are not part of a domain default to treating all network logons as if they were Guest. This prevents SMB relay attacks from gaining administrativ...

WebEx Remote Command Execution Utility

This module enables the execution of a single command as System by exploiting a remote code execution vulnerability in Cisco's WebEx client software. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

WebEx Local Service Permissions Exploit

This module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations. This module requires Metasploit: https://metasploit.com/download Current source:...