CVE-2018-15442

HIGH

Cisco Webex Meetings <33.6.4 & Productivity Tools 32.6.0-33.0.6 OS Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 5 public exploits for CVE-2018-15442. PoCs published by Metasploit, Ron Bowes <[email protected]>, Ron <[email protected]>, including Metasploit module auxiliary/admin/smb/webexec_command.

AI-analyzed exploit summary This Metasploit module exploits CVE-2018-15442 by leveraging authenticated SMB access to execute arbitrary payloads on Windows systems. It uses WebExec for command execution and supports various techniques like PowerShell and WMI.

Description

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/45695

This Metasploit module exploits CVE-2018-15442 by leveraging authenticated SMB access to execute arbitrary payloads on Windows systems. It uses WebExec for command execution and supports various techniques like PowerShell and WMI.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Windows SMB (Windows XP and later)
Auth required
Prerequisites: Valid SMB credentials (username/password or hash) · Network access to SMB service
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/45696

This Metasploit module exploits a flaw in the WebEx service (CVE-2018-15442) to achieve local privilege escalation by writing a malicious executable to a writable directory and leveraging the service's SYSTEM-level permissions to execute it.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Cisco WebEx Service (webexservice)
Auth required
Prerequisites: Access to a vulnerable WebEx service installation · Write permissions to a directory accessible by the service · Service must be configured to start automatically or manually by the attacker
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by Ron Bowes <[email protected]> · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/smb/webexec_command.rb

This Metasploit module exploits CVE-2018-15442 in Cisco WebEx client software to execute arbitrary commands as System via SMB. It leverages the WebExec utility to send commands to a remote host, optionally forcing GUI creation via WMIC.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Cisco WebEx client software (versions affected by CVE-2018-15442)
Auth required
Prerequisites: Valid SMB credentials · Network access to target on port 445 · WebEx client installed on target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC MANUAL
by Ron <[email protected]> · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/webexec.rb

This Metasploit module exploits authenticated SMB access to execute arbitrary payloads on Windows systems, similar to psexec but allowing non-guest accounts by default. It uses WebExec for command execution and supports cmdstager for payload delivery.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Windows SMB (Server Message Block)
Auth required
Prerequisites: Valid SMB credentials (username/password or hash) · Network access to SMB service
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/webexec.rb

This Metasploit module exploits a local privilege escalation vulnerability in the WebEx service by writing a malicious executable to a writable directory and leveraging the service's SYSTEM-level permissions to execute it. The exploit checks for service existence, validates architecture, and attempts to start the service to trigger payload execution.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Cisco WebEx Service (webexservice) on Windows
No auth needed
Prerequisites: WebEx service installed with vulnerable permissions · Write access to a directory in the system path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105734
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45696/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041942
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45695/

Scores

CVSS v3 7.8
EPSS 0.4334
EPSS Percentile 97.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (2)
cisco/webex_meetings_desktop < 33.6.4
cisco/webex_productivity_tools 32.6.0 - 33.0.6
Published Oct 24, 2018
Tracked Since Feb 18, 2026