Skip to main content

WebEx patch


Cisco Fixes Critical WebEx Bug

By News, Patch Management

Cisco Fixes Critical WebEx Bug

A critical vulnerability in Cisco WebEx browser extensions that could allow unauthenticated remote code-execution on targeted machines is being actively exploited in the wild.

Cisco have re-released a patch to resolve a Critical vulnerability in its highly popular conferencing solution.  The following versions of the Cisco WebEx browser extensions are affected:

  • Versions prior to 1.0.7 of the Cisco WebEx Extension on Google Chrome
  • Versions prior to 106 of the ActiveTouch General Plugin Container on Mozilla Firefox
  • Versions prior to of the Download Manager ActiveX control plugin on Internet Explorer

By exploiting this latest issue, attackers could execute arbitrary code with the privileges of the affected browser on Windows PCs that have specific browser extensions installed. The vulnerable extensions are for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center and Support Center), according to an advisory.

Robert Brown, Director of Services for Verismic said, “The bug effects almost all well-known browsers including Google Chrome, Mozilla Firefox and Internet Explorer and with a CVSS score of 8.8 (High Severity) we are recommending our clients perform the deployment urgently.  This vulnerability is known to be actively targeted for exploitation.”

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo