Cisco has issued a patch for a vulnerability that affects extensions for the WebEx Meetings Server, Cisco WebEx Centers, and Cisco WebEx Meetings when they are running on Microsoft Windows.
Cisco has issued a patch for a vulnerability that affects extensions for the WebEx Meetings Server, Cisco WebEx Centers, and Cisco WebEx Meetings when they are running on Microsoft Windows.

Cisco on Monday released software updates to fix a critical remote code execution vulnerability in its WebEx browser extensions for both the Google Chrome and Mozilla Firefox browsers.

Officially designated as CVE-2017-6753, the bug affects Cisco's extensions for its WebEx Meetings Server, Cisco WebEx Centers, and Cisco WebEx Meetings, leaving them susceptible to attack when running on Microsoft Windows.

According to a Cisco security advisory, an unauthenticated, remote adversary could exploit the flaw to execute code, with browser privileges, by tricking a user into their visiting an attacker-controlled website or clicking on a malicious link.

WebEx extensions Versions prior to 1.0.12 for both Chrome and Firefox contain the flaw, which Cisco said is "due to a design defect."