Cisco patches vulnerability in WebEx browser extensions for Google Chrome and Mozilla Firefox

By on
Cisco patches vulnerability in WebEx browser extensions for Google Chrome and Mozilla Firefox

Cisco has released software updates to fix a critical remote code execution vulnerability in its WebEx browser extensions for both the Google Chrome and Mozilla Firefox browsers.

Officially designated as CVE-2017-6753, the bug affects Cisco's extensions for its WebEx Meetings Server, Cisco WebEx Centers, and Cisco WebEx Meetings, leaving them susceptible to attack when running on Microsoft Windows.

According to a Cisco security advisory, an unauthenticated, remote adversary could exploit the flaw to execute code, with browser privileges, by tricking a user into their visiting an attacker-controlled website or clicking on a malicious link.

WebEx extensions Versions prior to 1.0.12 for both Chrome and Firefox contain the flaw, which Cisco said is "due to a design defect."

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

In a bid to combat phoenixing, the government is introducing unique ID numbers for company directors. Do you agree with this policy?
Yes
No
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?