Cisco patches vulnerability in WebEx | SC Media
Strategy, Vulnerability management

Cisco patches vulnerability in WebEx

April 23, 2018

A Cisco security advisory is warning users of a vulnerability in the firm's WebEx Meetings and WebEx Meetings Server that could allow a remote attacker to execute arbitrary code on their system.

The vulnerability, CVE-2018-0112, is due to an insufficient input validation by the WebEx clients. To take advantage of this flaw an attacker would send meeting attendees a malicious Flash (.swf) file through the client's file-sharing protocol, the advisory reported. If properly exploited the attacker will be able to run arbitrary code on the system of the targeted user.

The versions impacted are:

  • Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.2
  • Cisco WebEx Business Suite (WBS32) client builds prior to T32.10
  • Cisco WebEx Meetings with client builds prior to T32.10
  • Cisco WebEx Meetings Server builds prior to 2.8 MR2

“Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability,” the company said.

prestitial ad