PT-2017-17292 · Mozilla · Firefox
Published: 2017-07-25 · Updated: 2019-10-09
CVE-2017-6753
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco WebEx browser extensions versions prior to 1.0.12
Description
A design defect in the Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. The vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers, and Cisco WebEx Meetings when they are running on Microsoft Windows. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability, potentially executing arbitrary code with the privileges of the affected browser.
Recommendations
For Cisco WebEx browser extensions prior to version 1.0.12, update to version 1.0.12 or later to resolve the issue. As a temporary workaround, consider disabling the affected browser extensions until a patch is available. Restrict access to potentially vulnerable web pages to minimize the risk of exploitation.
Fix
Buffer Overflow
Affected Products
Cisco Webex Centers
Cisco Webex Meetings
Cisco Webex Meetings Server
Cisco Webex Browser Extensions
Google Chrome
Windows
Firefox