Firms running Cisco WebEx are told to update their software… again!

Graham Cluley

It feels like no time at all since businesses were being advised to update their installations of Cisco’s WebEx conferencing software to deal with a security issue.

And that’s because it is barely any time at all…

A little over a week ago, Cisco issued an advisory warning that an attacker could spread a boobytrapped .SWF Flash file to other WebEx participants.

Now WebEx users are being warned about another security vulnerability, which could see remote attackers execute malicious code on the computers of targeted users.

Cisco says that the problem lies in WebEx Network Recording Player for Advanced Recording Format files. That’s quite a mouthful, so let’s call them ARF files after their extension .ARF.

Normally, WebEx ARF files hold video recording data from online meetings, as well as other information including attendee lists, and can be opened with the Cisco WebEx player.

However, researcher Kushal Arvind Shah of Fortinet discovered that it was possible for an ARF file to be maliciously crafted in such a way that unauthorised code could be executed on users’ computers. All an attacker would have to do is trick a user into opening the boobytrapped file, perhaps by sending it as an attachment or link via email, pretending that it was an archive of an online meeting.

The following versions of the WebEx software are said to be affected by the vulnerability:

  • Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4
  • Cisco WebEx Business Suite (WBS32) client builds prior to T32.12
  • Cisco WebEx Meetings with client builds prior to T32.12
  • Cisco WebEx Meeting Server builds prior to 3.0 Patch 1

The fact that WebEx is so widely used inside businesses could make it an increasingly attractive target for malicious hackers eager to break into specific organisations.

Fortunately, the vulnerability was disclosed responsibly to Cisco, and fixes are now being rolled out to customers that are licensed to receive updates. And if your business is not licensed for WebEx software updates you may be wise to either renegotiate your contract, or remove WebEx from your systems.

Graham Cluley is a veteran of the anti-virus industry, having worked for a number of security companies since the early 1990s, when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Firms running Cisco WebEx are told to update their software… again!”

  1. "Fortunately, the vulnerability was disclosed responsibly to Cisco, and fixes are now being rolled out to customers that are licensed to receive updates. And if your business is not licensed for WebEx software updates you may be wise to either renegotiate your contract, or remove WebEx from your systems."

    That's great until you realise that Webex is resold by value added resellers like Vodafone etc. who have their own update schedule and add a whole other level of complexity to the equation.
