Cisco plugs command-injection hole in WebEx Chrome, Firefox plugins | WHAT REALLY HAPPENED


Cisco plugs command-injection hole in WebEx Chrome, Firefox plugins

Cisco has patched its Chrome and Firefox WebEx plugins to kill a bug that allows evil webpages to execute commands on computers.

A malicious page, when visited by a vulnerable Windows machine, can exploit the security flaw (CVE-2017-6753) to run arbitrary commands and code with the same privileges as the browser. In other words, the page can abuse the installed plugins to hijack the PC.

The hole is present in the Chrome and Firefox plugins for Cisco WebEx Meetings Server and Cisco WebEx Centers, and affects products including WebEx Meeting Center, Event Center, Training Center and Support Center. Internet Explorer and Edge are not considered vulnerable, and both OS X and Linux versions of Chrome and Firefox are also safe.

Comments

SHARE THIS ARTICLE WITH YOUR SOCIAL MEDIA