Share This Post

Fixes and Workarounds Available for Cisco WebEx Browser Extension Remote Code Execution Vulnerability

According to CVE-2017-3823:

A vulnerability in Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Meetings Center when they are running on Microsoft Windows.

There are no workarounds that address this vulnerability. However, administrators and users of Microsoft Windows 10 systems can use Microsoft Edge to join and participate in WebEx sessions because Edge is not affected by this vulnerability. Additionally, administrators and users can remove all WebEx software from a Windows system by using the Meeting Services Removal Tool, which is available from https://help.webex.com/docs/DOC-2672.

Cisco is actively working to release free software updates that address the vulnerability described in this advisory.

Version 1.0.7 of the Cisco WebEx Extension for Chrome has been made available in the Google Chrome Web Store on January 26, 2017.


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

Share This Post

Leave a Reply