Critical Vulnerability Discovered In Popular Cisco WebEx Service

A new critical remote code execution vulnerability flaw has been discovered in Cisco’s WebEx online and video collaboration software. The vulnerability can allow malicious attackers to remotely execute commands through a component of the WebEx client even when WebEx does not listen for remote connections.

Lane Thames, Senior Security Researcher at Tripwire: 

“This is an interesting vulnerability. I wouldn’t necessarily consider it earth-shattering, however, organizations might want to patch this quickly. Why? Because this vulnerability will be leveraged by malicious insiders (insider threats) and targeted attacks. The vulnerability requires a malicious actor to already have an account on the machine or on the domain. If an attacker has this foothold already within an organization’s network, this vulnerability could be used to gain or escalate privileges on very sensitive machines, such as those used by senior executives and such. Attackers focused on intellectual property theft and corporate espionage will find this vulnerability very useful, especially considering how common WebEx is within enterprise organizations.”

Experts Comments

Stay Tuned! Our Information Security Experts Community is responding .....

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.