CVE-2018-0387
HIGHCisco Webex Teams - Remote Code Execution via Malicious Link
Title source: llmDescription
A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability by sending a user a malicious link and persuading the user to follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. Cisco Bug IDs: CSCvh66250.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-teams-rce
Broken Link vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104873
Scores
CVSS v3
8.8
EPSS
0.0311
EPSS Percentile
86.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (1)
cisco/webex_teams
Published
Jul 18, 2018
Tracked Since
Feb 18, 2026