This could be with a local account or a domain account. To use sc remotely, though, you first need to be authenticated to the remote machine. You may be wondering how you can remotely execute a vulnerability when it does not run waiting for connections? This is because the Windows sc command can be used to start a service on a remote machine with the following command: c:\>sc \\10.0.0.0 start webexservice a software-update 1 net localgroup administrators testuser /add "We actually spent over a week knowing about this vulnerability without realizing that it could be used remotely!" Īccording to the researchers even though they knew about this vulnerability, they had not realized they could use it remotely until a week had passed.
With this elevated command prompt, the standard user now has full control over the PC. For example, to have WebexService.exe start calc.exe, you can use the command: sc start webexservice a software-update 1 calc c d e f To use the WebexService service the to launch a program, you can simply start the service while passing the command to execute as an argument.
Instead, it is called as necessary to perform an update of WebEx, or in this case, other programs. The WebexService service does not automatically start when Windows starts. Using debug information, trial-and-error, and reverse engineering, they were able to determine that even though this service is designed to update WebEx, it could also be used to launch other programs.Īs the service is running under the System account, any executable launched by it would be launched with the same permissions. The researchers then decided to to take a deeper look at the WebexService.exe to determine what it does. While they found the privilege elevation they were looking, this bug had already been discovered by other researchers and Cisco had released a new update for it in September. While performing the pentest they noticed that Cisco WebEx uses a service called "WebexService" that could be started and stopped by anyone and ran under System privileges.Īs the executable could be accessed by anyone, including a standard user, they realized that they could replace the executable with another one of their choice in order to elevate their privileges.
Their initial goal was to elevate the permissions of a local standard user account, but they instead found a very interesting remote code execution bug that they have titled "WebExec". This new remote code execution vulnerability was disclosed yesterday by Ron Bowes and Jeff McJunkin of the hack challenge organization Counter Hack while performing a recent pentest. These are critical bugs because they commonly allow commands to run with elevated privileges. Remote code execution vulnerabilities are bugs that allow a users to remotely connect to a vulnerable application and cause commands to be executed on the remote computer. That is because users can remotely execute commands through a component of the WebEx client even when WebEx does not listen for remote connections.
To delete the app, choose Finder > Empty Trash.While remote code execution vulnerabilities are pretty common, a new one discovered in Cisco's WebEx online and video collaboration software is definitely different.
This is probably the name and password you use to log in to your Mac. If you’re asked for a user name and password, enter the name and password of an administrator account on your Mac.The Dock, showing the Trash icon on the right Drag the app to the Trash, or select the app and choose File > Move to Trash.Or use Spotlight to find the app, then press and hold the Command (⌘) key while double-clicking the app in Spotlight. Most apps are in your Applications folder, which you can open by clicking Applications in the sidebar of any Finder window.
To delete an app that didn’t come from the App Store, use the Finder instead.
Apps that don’t show an X button either didn’t come from the App Store or are required by your Mac.
Or swipe right or left with two fingers on your trackpad to show the next or previous page.