A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote malicious user to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions before 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions before 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco webex event center t31_base |
||
cisco webex meetings server 2.8_base |
||
cisco webex meetings server 2.5 mr5 |
||
cisco webex meetings server 2.6 mr1 |
||
cisco webex meetings server 2.5 mr6 |
||
cisco webex meetings server 2.6 mr2 |
||
cisco webex meetings server 2.0 mr9 patch 2 |
||
cisco webex meetings server 2.0 mr7 |
||
cisco webex meetings server 2.0 mr9 patch 3 |
||
cisco webex event center t30_base |
||
cisco webex meetings server 2.5 mr2 patch 1 |
||
cisco webex training center t30_base |
||
cisco webex meetings server 1.1_base |
||
cisco webex meetings server 2.5.99.2 |
||
cisco webex meetings server 2.6 mr3 patch 2 |
||
cisco webex meetings server 2.6 mr1 patch 1 |
||
cisco webex meetings server 2.7 mr1 patch 1 |
||
cisco webex meetings server 2.6.1.39 |
||
cisco webex meetings server 2.5.1.29 |
||
cisco webex meetings server 2.0_base |
||
cisco webex meeting center t32_base |
||
cisco webex meetings server 2.5 mr5 patch 1 |
||
cisco webex meetings server 2.0 mr8 patch 1 |
||
cisco webex meetings server 2.0 mr3 |
||
cisco webex event center t32_base |
||
cisco webex meetings server 2.0 mr4 |
||
cisco webex meetings server 2.7_base |
||
cisco webex meetings server 2.6 mr2 patch 1 |
||
cisco webex support center t31_base |
||
cisco webex meetings server 2.7 mr2 patch 1 |
||
cisco webex support center t32_base |
||
cisco webex meetings server 2.0 mr9 patch 1 |
||
cisco webex meetings server 2.5 mr1 |
||
cisco webex meeting center t30_base |
||
cisco webex meetings server 2.7 mr2 |
||
cisco webex meetings server 2.5 mr2 |
||
cisco webex meetings server 2.7.1 |
||
cisco webex meetings server 2.0 mr2 |
||
cisco webex meetings server 1.5.1.131 |
||
cisco webex meetings server 2.5 mr3 |
||
cisco webex meetings server 2.5_base |
||
cisco webex meetings server 2.0 mr8 |
||
cisco webex meeting center t31_base |
||
cisco webex meetings server 2.5 mr4 |
||
cisco webex meetings server 2.7 mr1 |
||
cisco webex meetings server 2.0 mr5 |
||
cisco webex support center t30_base |
||
cisco webex meetings server 2.5.1.5 |
||
cisco webex meetings t30_base |
||
cisco webex meetings server 2.5 mr6 patch 1 |
||
cisco webex training center t31_base |
||
cisco webex meetings server 2.0 mr6 |
||
cisco webex meetings server 2.5 mr6 patch 2 |
||
cisco webex meetings server 2.6 mr3 |
||
cisco webex meetings server 2.0.1.107 |
||
cisco webex meetings server 2.5 mr6 patch 3 |
||
cisco webex meetings server 2.6 mr3 patch 1 |
||
cisco webex training center t32_base |
||
cisco webex meetings server 2.6.0 |
||
cisco webex meetings server 2.5 mr6 patch 4 |
||
cisco webex meetings server 2.0 mr9 |
||
cisco webex meetings server 1.5.1.6 |
||
cisco webex meetings server 1.5_base |
Make sure you've updated if you're using Windows
Cisco has patched its Chrome and Firefox WebEx plugins to kill a bug that allows evil webpages to execute commands on computers. A malicious page, when visited by a vulnerable Windows machine, can exploit the security flaw (CVE-2017-6753) to run arbitrary commands and code with the same privileges as the browser. In other words, the page can abuse the installed plugins to hijack the PC. The hole is present in the Chrome and Firefox plugins for Cisco WebEx Meetings Server and Cisco WebEx Centers,...