Cisco patches vulnerability in WebEx

News by Doug Olenick

A Cisco security advisory is warning users of a vulnerability in the firm's WebEx Meetings and WebEx Meetings Server that could allow a remote attacker to execute arbitrary code on their system.

A Cisco security advisory is warning users of a vulnerability in the firm's WebEx Meetings and WebEx Meetings Server that could allow a remote attacker to execute arbitrary code on their system.

The vulnerability, CVE-2018-0112, is due to an insufficient input validation by the WebEx clients. To take advantage of this flaw an attacker would send meeting attendees a malicious Flash (.swf) file through the client's file-sharing protocol, the advisory reported. If properly exploited the attacker will be able to run arbitrary code on the system of the targeted user.

The versions impacted are:

  • Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.2
  • Cisco WebEx Business Suite (WBS32) client builds prior to T32.10
  • Cisco WebEx Meetings with client builds prior to T32.10
  • Cisco WebEx Meetings Server builds prior to 2.8 MR2

“Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability,” the company said.

Topics:
Security

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events