понедельник, 23 июля 2018 г.

Cisco Webex Teams Remote Code Execution Vulnerability (CVE-2018-0387)

Hello all,

This time I want to talk about our internal Red Team experience. Just want to share my bug-story for Cisco WebEx Teams (previously known as Cisco Spark). We are using this awesome messenger because it can provide good quality communication channel between employees and also have a lot of cool features: group chats (like old good IRC channels), video/audios and pictures/files sharing and more.   It is an enterprise cloud-based solution with all cool encryption, SSO integration and privacy things, but at this moment it is not a subject of this post.

I want to disclose some detail about the vulnerability we found - CVE-2018-0387: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-teams-rce