Remote code execution vulnerability in Cisco WebEx browser extensions

Ethical hacking training specialists from the International Institute of Cyber Security have reported the discovery of a new vulnerability in the Cisco WebEx browser extensions that could allow remote code execution; according to the reports, the vulnerability has already been exploited in the wild.

Just a few days ago, Cisco announced the release of a set of 24 update patches for the IOS XE operating system. In addition, the company alerted its users to an incomplete fix for security flaws in some router models aimed at small and medium-sized businesses.

According to the ethical hacking training specialists, WebEx is Cisco's most widely used videoconferencing platform and takes a cloud-based approach. The WebEx browser extensions make it easier for users to join meetings and collaborate.

Exploiting the vulnerability in question allows threat actors to execute arbitrary code with the browser's privileges on Windows machines that have specific browser extensions installed. According to the company's notice, the vulnerable extensions are:

  • Cisco WebEx Meetings Server
  • Cisco WebEx Centers

According to the ethical hacking training specialists' report, the vulnerability exists due to a design error in the API Response Analyzer inside the plugin.

The vulnerability (identified as CVE-2017-3823) can also be exploited easily. To do so, an attacker only needs to trick the victim into visiting a malicious page or using a compromised browser.

This vulnerability was discovered in 2017 by Google cybersecurity specialists, after which Cisco released software updates for the most widely used browsers, such as Chrome, Mozilla Firefox, Microsoft Edge, etc. The company recommends that users who have not applied the fixes update immediately.

In addition, the company has also warned its users about an incomplete fix for a couple of security flaws in the Cisco Small Business RV320 and RV325, routers used by many SMEs.
