Cisco WebEx Vulnerability Fixed, Again

Monday, January 30, 2017 @ 02:01 PM gHale


Cisco’s WebEx extension for Chrome, after a few iterations, is now fixed.

Google bug hunter Tavis Ormandy released last week there was a remotely exploitable code execution flaw in the WebEx extension.

RELATED STORIES
Cisco Patches TelePresence, Expressway Holes
Cisco Fixing WebEx Extension
Cisco Clears Cloud Fault
Passwords Reset on Cisco Careers Portal

Since then, Cisco released updates in quick succession. The problem was, they did not appear to be as complete.

Cisco just released version 1.0.7 (the initial update to fix the flaw was 1.0.3).

The latest update of the security advisory said WebEx extensions for Firefox and Internet Explorer on Windows systems also had the same flaw, which then required an update.

Cisco WebEx browser extensions for Mac or Linux, and Cisco WebEx on Microsoft Edge did not suffer from the issue.

The company has offered users the option to switch to Microsoft Edge to join and participate in WebEx sessions, and released a Meeting Services Removal Tool that can help them remove all WebEx software from a Windows system.

Malicious web requests aimed at exploiting the flaw can also end up blocked by those using web proxies or web gateways by creating a specific URL filtering policy. The policy would not allow URL requests containing the flaw triggering string pattern through.



Leave a Reply

You must be logged in to post a comment.