Advisory ID: cisco-sa-20170124-webex
Revision 1.0
For Public Release 2017 January 22 18:30 UTC (GMT)
Last Updated 2017 January 24 18:30 UTC (GMT)
+-----------------------------
Summary
=======
A vulnerability in the Cisco WebEx browser extensions provided by Cisco
WebEx Meetings Server and Cisco WebEx Meetings Center could allow an
unauthenticated, remote attacker to execute arbitrary code on a targeted
system.
The vulnerability is due to the use of a crafted pattern by the affected
software. An attacker could exploit this vulnerability by directing a
user to a web page that contains the crafted pattern and starting a
WebEx session. The WebEx session could allow the attacker to execute
arbitrary code on the affected system, which could be used to conduct
further attacks.
Cisco has begun to release software updates that address this
vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/
Komentarų nėra:
Rašyti komentarą