Cisco Urges Users to Patch for Webex Vulnerability

Cisco has found a flaw which allows attackers to execute arbitrary code with the user’s privileges when running Cisco Webex Meetings Virtual Desktop App for Windows.

Cisco explains, “A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user.”

Cisco’s Product Security Incident Response Team has not yet seen any attacks in the wild, but with so many remote workers due to COVID, organizations could be exposed.

Cisco has given the bug a severity rating of 7.3 out of a possible 10 and tracked as CVE-2020-3588.

Cisco is also urging customers to update Webex Meetings sites and Webex Meetings Server due to vulnerabilities affecting the Webex Network Recording Player for Windows and Webex Player for Windows.

“Understanding your environment’s exposure, not only to operating system vulnerabilities, but also critical third-party applications like Cisco Webex, is vital to ensure IT compliance and security. Advanced patch and vulnerability management technology like Syxsense closes potential routes of exposure even in remote worker environments we see today with COVID,” commented Ashley Leonard, CEO of Syxsense Inc.