Cisco Fixes WebEx Hole

Friday, April 20, 2018 @ 02:04 PM gHale

Cisco fixed a critical vulnerability in its WebEx videoconferencing software an attacker could leverage to compromise systems when attendees open a malware-laden Flash file.

The flaw is due to insufficient input validation by the Cisco WebEx clients, and affects Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server.

RELATED STORIES
Fixed Hole Exploited in Iran, Russia
Cisco Clears Critical Holes
Cisco Adds Vulnerability ID to Tetration
Cisco Clears Critical Faults

“To exploit this vulnerability, the client application would require a meeting attendee to open a malicious Flash file. An attacker may be able to accomplish this exploit by providing the malicious .swf file directly to users via the file-sharing capabilities of the client,” Cisco said in a post.

The vulnerability ended up discovered and reported to Cisco by Alexandros Zacharis, an officer in the European Union Agency for Network and Information Security (ENISA).

There are no workarounds for the flaw, so users should either upgrade their software to the latest releases or remove it from their systems altogether.



Leave a Reply

You must be logged in to post a comment.