Cisco Fixes Critical WebEx Bug

Cisco Fixes Critical WebEx Bug

Cisco have re-released a patch to resolve a Critical vulnerability in its highly popular conferencing solution.  The following versions of the Cisco WebEx browser extensions are affected:

  • Versions prior to 1.0.7 of the Cisco WebEx Extension on Google Chrome
  • Versions prior to 106 of the ActiveTouch General Plugin Container on Mozilla Firefox
  • Versions prior to 2.1.0.10 of the Download Manager ActiveX control plugin on Internet Explorer

By exploiting this latest issue, attackers could execute arbitrary code with the privileges of the affected browser on Windows PCs that have specific browser extensions installed. The vulnerable extensions are for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center and Support Center), according to an advisory.

Robert Brown, Director of Services for Verismic said, “The bug effects almost all well-known browsers including Google Chrome, Mozilla Firefox and Internet Explorer and with a CVSS score of 8.8 (High Severity) we are recommending our clients perform the deployment urgently.  This vulnerability is known to be actively targeted for exploitation.”

Recent Posts

Topics

Related Posts

If Vulnerabilities Can Take Down Even the Most Prepared, What Can You Do?

If Vulnerabilities Can Take Down Even the Most Prepared, What Can You Do?

April 20, 2024
In the News: Brute-force attacks surge worldwide, warns Cisco Talos

In the News: Brute-force attacks surge worldwide, warns Cisco Talos

April 17, 2024
In the News: Why 92% of Security Professionals Worry About Generative AI

In the News: Why 92% of Security Professionals Worry About Generative AI

April 16, 2024
April 2024 Patch Tuesday: Microsoft releases 147 fixes this month including 3 Critical Threats.

April 2024 Patch Tuesday: Microsoft releases 147 fixes this month including 3 Critical Threats.

April 9, 2024