Cisco on Monday released software updates to fix a critical remote code execution vulnerability in its WebEx browser extensions for both the Google Chrome and Mozilla Firefox browsers.
Officially designated as CVE-2017-6753, the bug affects Cisco's extensions for its WebEx Meetings Server, Cisco WebEx Centers, and Cisco WebEx Meetings, leaving them susceptible to attack when running on Microsoft Windows.
According to a Cisco security advisory, an unauthenticated, remote adversary could exploit the flaw to execute code, with browser privileges, by tricking a user into their visiting an attacker-controlled website or clicking on a malicious link.
WebEx extensions Versions prior to 1.0.12 for both Chrome and Firefox contain the flaw, which Cisco said is "due to a design defect."