A vulnerability in the custom application permissions handling for Cisco WebEx Meetings for Android could allow an unauthenticated, remote attacker to change platform-specific permissions of a custom application.

The vulnerability is due to the way custom application permissions are assigned at initialization. An attacker could exploit this vulnerability by downloading a malicious Android application to the mobile device. An exploit could allow the attacker to utilize the custom application to silently acquire the same permissions as the WebEx application.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-wmc

Leave a Reply