====================================================================


                             CERT-Renater

                 Note d'Information No. 2018/VULN273
_____________________________________________________________________

DATE                : 06/09/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Webex Teams versions
                            prior to 20180417-150803.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod
_____________________________________________________________________

Cisco Security Advisory: Cisco Webex Teams Information Disclosure and
Modification Vulnerability

Advisory ID: cisco-sa-20180905-webex-id-mod

Revision: 1.0

For Public Release: 2018 September 5 16:00 GMT

Last Updated: 2018 September 5 16:00 GMT

CVE ID(s): CVE-2018-0436

CVSS Score v(3): 8.7 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

+---------------------------------------------------------------------

Summary

=======

A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow
an authenticated, remote attacker to view and modify data for an
organization other than their own organization.

The vulnerability exists because the affected software performs
insufficient checks for associations between user accounts and
organization accounts. An attacker who has administrator or compliance
officer privileges for one organization account could exploit this
vulnerability by using those privileges to view and modify data for
another organization account.

No customer data was impacted by this vulnerability.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod"]


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================