Skip to main content
Tag

WebEx patch

||

Cisco Fixes Critical WebEx Bug

By News, Patch ManagementNo Comments

Cisco Fixes Critical WebEx Bug

A critical vulnerability in Cisco WebEx browser extensions that could allow unauthenticated remote code-execution on targeted machines is being actively exploited in the wild.
[vc_empty_space]
[vc_single_image image=”28826″ img_size=”full” alignment=”center”]

Cisco have re-released a patch to resolve a Critical vulnerability in its highly popular conferencing solution.  The following versions of the Cisco WebEx browser extensions are affected:

  • Versions prior to 1.0.7 of the Cisco WebEx Extension on Google Chrome
  • Versions prior to 106 of the ActiveTouch General Plugin Container on Mozilla Firefox
  • Versions prior to 2.1.0.10 of the Download Manager ActiveX control plugin on Internet Explorer

By exploiting this latest issue, attackers could execute arbitrary code with the privileges of the affected browser on Windows PCs that have specific browser extensions installed. The vulnerable extensions are for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center and Support Center), according to an advisory.

Robert Brown, Director of Services for Verismic said, “The bug effects almost all well-known browsers including Google Chrome, Mozilla Firefox and Internet Explorer and with a CVSS score of 8.8 (High Severity) we are recommending our clients perform the deployment urgently.  This vulnerability is known to be actively targeted for exploitation.”

[vc_separator css=”.vc_custom_1551288486254{padding-top: 20px !important;padding-bottom: 20px !important;}”]
[vc_separator css=”.vc_custom_1551288486254{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.
[vc_btn title=”Get Started with Syxsense” color=”warning” size=”lg” align=”center” link=”url:%2Fsyxsense-trial|||”]