CVE-2017-6753 : Security Advisory and Response
Learn about CVE-2017-6753 affecting Cisco WebEx browser extensions on Google Chrome and Mozilla Firefox. Find out how to mitigate this security flaw.
A security flaw in the browser extensions for Cisco WebEx on Google Chrome and Mozilla Firefox could allow remote attackers to execute code with the same privileges as the affected browser on compromised systems.
Understanding CVE-2017-6753
What is CVE-2017-6753?
This vulnerability affects the browser extensions for various Cisco WebEx products when running on Windows, allowing attackers to potentially run arbitrary code on the compromised system.
The Impact of CVE-2017-6753
The flaw in the Cisco WebEx browser extensions could lead to unauthorized code execution by attackers, compromising the security and integrity of affected systems.
Technical Details of CVE-2017-6753
Vulnerability Description
- Design error in the Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox
- Allows remote attackers to execute arbitrary code with the browser's privileges
Affected Systems and Versions
- Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome and Mozilla Firefox
Exploitation Mechanism
- Attackers can exploit the flaw by tricking users into visiting malicious websites or clicking on attacker-provided links
Mitigation and Prevention
Immediate Steps to Take
- Update Cisco WebEx browser extensions to version 1.0.12 or higher
- Avoid clicking on suspicious links or visiting untrusted websites
Long-Term Security Practices
- Regularly update browser extensions and software to patch known vulnerabilities
Patching and Updates
- Cisco has assigned Bug IDs CSCvf15012, CSCvf15020, CSCvf15030, CSCvf15033, CSCvf15036, CSCvf15037 to address this issue