Cisco WebEx is a pop communication tool for online events, including meetings, webinars as well as video conferences that assist users connect as well as collaborate amongst colleagues closed to the world. The extension has roughly xx i one one thousand thousand active users.
Discovered past times Tavis Ormandy of Google Project Zero as well as Cris Neckar of Divergent Security, the remote code execution flaw (CVE-2017-6753) is due to a designing defect inward the WebEx browser extension.
To exploit the vulnerability, all an assailant require to hit is fob victims into visiting a spider web page containing especially crafted malicious code through the browser amongst affected extension installed.
Successful exploitation of this vulnerability could resultant inward the assailant executing arbitrary code amongst the privileges of the affected browser as well as gaining command of the affected system.
"I regard several problems amongst the means sanitization works, as well as convey produced a remote code execution exploit to demonstrate them," Ormandy said. "This extension has over 20M [million] active Chrome users alone, FireFox as well as other browsers are probable to last affected every bit well."Cisco has already patched the vulnerability as well as released “Cisco WebEx Extension 1.0.12” update for Chrome as well as Firefox browsers that address this issue, though "there are no workarounds that address this vulnerability."
"This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, as well as Support Center), as well as Cisco WebEx Meetings when they are running on Microsoft Windows," Cisco confirmed inward an advisory released today.
Download Cisco WebEx Extension 1.0.12
In general, users are ever recommended to run all software every bit a non-privileged user inward an endeavour to diminish the effects of a successful attack.
Fortunately, Apple's Safari, Microsoft's Internet Explorer as well as Microsoft's Edge are non affected past times this vulnerability.
Cisco WebEx Productivity Tools, Cisco WebEx browser extensions for Mac or Linux, as well as Cisco WebEx on Microsoft Edge or Internet Explorer are non affected past times the vulnerability, the companionship confirmed.
The remote code execution vulnerability inward Cisco WebEx extension has been discovered minute fourth dimension inward this year.
Ormandy alerted the networking giant to an RCE flaw inward the WebEx browser extension before this yr every bit well, which fifty-fifty led to Google as well as Mozilla temporarily removing the plus from their stores.
Share This :
comment 0 Comments
more_vert