==================================================================== CERT-Renater Note d'Information No. 2017/VULN019 _____________________________________________________________________ DATE : 25/01/2017 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Cisco WebEx Browser Extension. ===================================================================== https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex ____________________________________________________________________ Cisco WebEx Browser Extension Remote Code Execution Vulnerability Advisory ID: cisco-sa-20170124-webex Revision 1.0 For Public Release 2017 January 22 18:30 UTC (GMT) Last Updated 2017 January 24 18:30 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in the Cisco WebEx browser extensions provided by Cisco WebEx Meetings Server and Cisco WebEx Meetings Center could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to the use of a crafted pattern by the affected software. An attacker could exploit this vulnerability by directing a user to a web page that contains the crafted pattern and starting a WebEx session. The WebEx session could allow the attacker to execute arbitrary code on the affected system, which could be used to conduct further attacks. Cisco has begun to release software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex ========================================================== Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================