Cisco Fixes Critical WebEx Bug
A critical vulnerability in Cisco WebEx browser extensions that could allow unauthenticated remote code-execution on targeted machines is being actively exploited in the wild.
Cisco have re-released a patch to resolve a Critical vulnerability in its highly popular conferencing solution. The following versions of the Cisco WebEx browser extensions are affected:
- Versions prior to 1.0.7 of the Cisco WebEx Extension on Google Chrome
- Versions prior to 106 of the ActiveTouch General Plugin Container on Mozilla Firefox
- Versions prior to 220.127.116.11 of the Download Manager ActiveX control plugin on Internet Explorer
By exploiting this latest issue, attackers could execute arbitrary code with the privileges of the affected browser on Windows PCs that have specific browser extensions installed. The vulnerable extensions are for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center and Support Center), according to an advisory.
Robert Brown, Director of Services for Verismic said, “The bug effects almost all well-known browsers including Google Chrome, Mozilla Firefox and Internet Explorer and with a CVSS score of 8.8 (High Severity) we are recommending our clients perform the deployment urgently. This vulnerability is known to be actively targeted for exploitation.”