Remote code execution vulnerability in Cisco WebEx browser extensions

Cisco Jabber Client Flawed, Exposes Users to MitM Attacks

Ethical hacking training specialists from the International Institute of Cyber Security have reported the discovery of a new vulnerability in the Cisco WebEx browser extensions that could allow remote code execution; according to the reports, the vulnerability has already been exploited in the wild.

Just a few days ago Cisco announced the launching of a set of 24 update patches for the IOS XE operating system, in addition the company alerted its users about an incomplete solution for security flaws in some models of routers to small and medium sized businesses.

According to the ethical hacking training specialists, WebEx is the most used videoconferencing platform of Cisco, using a cloud-based approach. WebEx browser extensions make it easier for users to join meetings and contribute collaborations.

Exploiting the vulnerability in question allows threat actors to execute arbitrary code with browser privileges on machines with Windows operating systems that have specific browser extensions. Vulnerable extensions, according to the company’s notice, are:

  • Cisco WebEx Meetings Server
  • Cisco WebEx Centers

According to the ethical hacking training specialists report, the vulnerability exists due to a design error in the API Response Analyzer inside the plugin.

Vulnerability (identified as CVE-2017-3823) can also be exploited easily. To do so, an attacker only requires cheating the victim to visit a malicious page or use a compromised browser.

This vulnerability was discovered in 2017 by Google cybersecurity specialists, then Cisco launched software updates for the most widely used browsers, such as Chrome, Mozilla Firefox, Microsoft Edge, etc; The company recommends that users who have not applied the corrections update immediately.

In addition, the company has also warned its users about an incomplete solution for a couple of security drawbacks in Cisco Small Business RV320 and RV325, routers used by multiple SMES.