Cisco System WebEx: A Critical Vulnerability in the Cisco Systems WebEx Browser Extension for Chrome and Firefox

    In today's digital world, where you can make millions sitting at home, a few clicks on the wrong links can cause serious trouble as well. Experts found a critical vulnerability in the Cisco Systems WebEx browser extension for Chrome and Firefox. This is the second time this has happened this year. Due to this flaw, attackers can remotely execute malicious code on a victim's computer. Cisco System WebEx users need to be careful to avoid becoming victims of hackers. If you have the protective shield of a trustworthy VPN service, then don't worry about any security risk. But if you still have an unsafe connection, you need to switch to a safe VPN service. At this point, ExpressVPN and NordVPN are the choices of billions.

    What Is Cisco System WebEx?

    Cisco System WebEx is a well-known tool for setting up online events. We can conduct meetings, webinars, and video conferences through it. It is a great support for users who sit miles apart from each other but need to collaborate and connect with co-workers and colleagues around the world. The extension has nearly 20 million active users.

    The Remote Execution Flaw:

    Tavis Ormandy of Google Project Zero and Cris Neckar of Divergent Security discovered the remote code execution flaw (CVE-2017-6753). It stems from a defect in the design of the Cisco System WebEx browser extension. Any attacker can easily exploit this vulnerability: the attacker simply tricks a victim into visiting a web page that contains specially crafted malicious code, using a browser that has the affected extension installed.

    Result Of Successful Exploitation:

    The attacker can execute arbitrary code with the privileges of the affected browser and gain control of the affected system.

    “I see several problems with the way sanitization works, and have produced a remote code execution exploit to demonstrate them,” Ormandy said. “This extension has over 20M [million] active Chrome users alone, FireFox and other browsers are likely to be affected as well.”

    Cisco's Response To The Cisco System WebEx Flaw:

    Cisco has since fixed the vulnerability caused by the flaw. It has released “Cisco WebEx Extension 1.0.12”, an updated version for Chrome and Firefox browsers that addresses this issue, though “there are no workarounds that address this vulnerability.”
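
An added example (not from Cisco or the original article): a fleet-audit sketch that flags any extension manifest whose name contains "WebEx" and whose version is below the fixed 1.0.12, comparing version parts numerically so that 1.0.9 sorts below 1.0.12. The directory layout, the name match and the sample manifests are assumptions constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

FIXED = (1, 0, 12)  # first fixed release named in the article


def parse_version(text):
    """Turn a dotted extension version such as '1.0.12' into a tuple of ints."""
    return tuple(int(part) for part in text.strip().split("."))


def audit_extensions(root, name_match="webex"):
    """Return (manifest path, version, vulnerable?) for each matching manifest.
    Assumption: manifest.json files sit under `root` and the manifest "name"
    contains `name_match`; a localized name ("__MSG_...") will not match."""
    findings = []
    for manifest in sorted(Path(root).rglob("manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            if name_match not in str(data.get("name", "")).lower():
                continue
            version = parse_version(str(data["version"]))
        except (OSError, ValueError, KeyError, AttributeError):
            continue  # unreadable or malformed manifest: skip it
        findings.append((str(manifest), version, version < FIXED))
    return findings


def build_sample_profile(root):
    """Write constructed manifests (not real extension data) for the demo."""
    samples = {
        "aaaa/1.0.10_0": {"name": "Cisco WebEx Extension", "version": "1.0.10"},
        "bbbb/1.0.12_0": {"name": "Cisco WebEx Extension", "version": "1.0.12"},
        "cccc/2.3_0": {"name": "Some Other Extension", "version": "2.3"},
    }
    for rel, manifest in samples.items():
        folder = Path(root) / rel
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        for path, version, vulnerable in audit_extensions(tmp):
            status = "VULNERABLE" if vulnerable else "ok"
            print(f"{status:10} {'.'.join(map(str, version))}  {path}")
```

Point `audit_extensions` at a directory that holds the browser's unpacked extensions to run it against a real profile.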

    Products Affected By The Browser Extension Vulnerability:

    According to an advisory released today, Cisco has confirmed that the following are affected.

    • Cisco WebEx Meetings Server
    • WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center)
    • WebEx Meetings (when they are running on Microsoft Windows)

    In general, users are always recommended to run all software as a non-privileged user in an effort to diminish the effects of a successful attack.