Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
828
VMScore

CVE-2017-6753

Published: 25/07/2017 Updated: 09/10/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Cisco

Vulnerability Summary

A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote malicious user to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions before 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions before 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco webex event center t31_base

cisco webex meetings server 2.8_base

cisco webex meetings server 2.5 mr5

cisco webex meetings server 2.6 mr1

cisco webex meetings server 2.5 mr6

cisco webex meetings server 2.6 mr2

cisco webex meetings server 2.0 mr9 patch 2

cisco webex meetings server 2.0 mr7

cisco webex meetings server 2.0 mr9 patch 3

cisco webex event center t30_base

cisco webex meetings server 2.5 mr2 patch 1

cisco webex training center t30_base

cisco webex meetings server 1.1_base

cisco webex meetings server 2.5.99.2

cisco webex meetings server 2.6 mr3 patch 2

cisco webex meetings server 2.6 mr1 patch 1

cisco webex meetings server 2.7 mr1 patch 1

cisco webex meetings server 2.6.1.39

cisco webex meetings server 2.5.1.29

cisco webex meetings server 2.0_base

cisco webex meeting center t32_base

cisco webex meetings server 2.5 mr5 patch 1

cisco webex meetings server 2.0 mr8 patch 1

cisco webex meetings server 2.0 mr3

cisco webex event center t32_base

cisco webex meetings server 2.0 mr4

cisco webex meetings server 2.7_base

cisco webex meetings server 2.6 mr2 patch 1

cisco webex support center t31_base

cisco webex meetings server 2.7 mr2 patch 1

cisco webex support center t32_base

cisco webex meetings server 2.0 mr9 patch 1

cisco webex meetings server 2.5 mr1

cisco webex meeting center t30_base

cisco webex meetings server 2.7 mr2

cisco webex meetings server 2.5 mr2

cisco webex meetings server 2.7.1

cisco webex meetings server 2.0 mr2

cisco webex meetings server 1.5.1.131

cisco webex meetings server 2.5 mr3

cisco webex meetings server 2.5_base

cisco webex meetings server 2.0 mr8

cisco webex meeting center t31_base

cisco webex meetings server 2.5 mr4

cisco webex meetings server 2.7 mr1

cisco webex meetings server 2.0 mr5

cisco webex support center t30_base

cisco webex meetings server 2.5.1.5

cisco webex meetings t30_base

cisco webex meetings server 2.5 mr6 patch 1

cisco webex training center t31_base

cisco webex meetings server 2.0 mr6

cisco webex meetings server 2.5 mr6 patch 2

cisco webex meetings server 2.6 mr3

cisco webex meetings server 2.0.1.107

cisco webex meetings server 2.5 mr6 patch 3

cisco webex meetings server 2.6 mr3 patch 1

cisco webex training center t32_base

cisco webex meetings server 2.6.0

cisco webex meetings server 2.5 mr6 patch 4

cisco webex meetings server 2.0 mr9

cisco webex meetings server 1.5.1.6

cisco webex meetings server 1.5_base

Vendor Advisories

Cisco: Cisco WebEx Browser Extension Remote Code Execution Vulnerability
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, E ...

Recent Articles

Cisco plugs command-injection hole in WebEx Chrome, Firefox plugins
The Register • Shaun Nichols in San Francisco • 17 Jul 2017

Make sure you've updated if you're using Windows

Cisco has patched its Chrome and Firefox WebEx plugins to kill a bug that allows evil webpages to execute commands on computers. A malicious page, when visited by a vulnerable Windows machine, can exploit the security flaw (CVE-2017-6753) to run arbitrary commands and code with the same privileges as the browser. In other words, the page can abuse the installed plugins to hijack the PC. The hole is present in the Chrome and Firefox plugins for Cisco WebEx Meetings Server and Cisco WebEx Centers,...

Read more...

References

CWE-119https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webexhttp://www.securitytracker.com/id/1038911http://www.securitytracker.com/id/1038910http://www.securitytracker.com/id/1038909http://www.securityfocus.com/bid/99614https://nvd.nist.govhttps://www.theregister.co.uk/2017/07/17/cisco_webex_holes/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook