Firms running Cisco WebEx are told to update their software… again!

Firms running Cisco WebEx are told to update their software... again!

It feels like no time at all since businesses were being advised to update their installations of Cisco’s WebEx conferencing software to deal with a security issue.

And that’s because, it is barely any time at all…

Little over a week ago, Cisco issued an advisory warning that an attacker could spread a boobytrapped .SWF Flash file to other WebEx participants.

Now WebEx users are being warned about another security vulnerability, which could see remote attackers execute malicious code on the computers of targeted users.

Cisco says that the problem lies in WebEx Network Recording Player for Advanced Recording Format files. That’s quite a mouthful, so let’s call them ARF files after their extension .ARF.

Normally, WebEx ARF files hold video recording data from online meetings, as well as other information including attendee lists, and can be opened with the Cisco WebEx player.

However, researcher Kushal Arvind Shah of Fortinet discovered that it was possible for an ARF file to be maliciously crafted in such a way that unauthorised code could be executed on users’ computers. All you would have to do is trick a user into opening the boobytrapped file, perhaps by sending it as an attachment or link via email pretending that it was an archive of an online meeting.

The following versions of the WebEx software are said to be affected by the vulnerability:

  • Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4
  • Cisco WebEx Business Suite (WBS32) client builds prior to T32.12
  • Cisco WebEx Meetings with client builds prior to T32.12
  • Cisco WebEx Meeting Server builds prior to 3.0 Patch 1

The fact that WebEx is so widely used inside businesses could make it an increasing target for malicious hackers eager to break inside specific organisations.

Fortunately, the vulnerability was disclosed responsibly to Cisco, and fixes are now being rolled out to customers that are licensed to receive updates. And if your business is not licensed for WebEx software updates you may be wise to either renegotiate your contract, or remove WebEx from your systems.

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:

, , ,

One Response

  1. Jeremy Roberts

    May 4, 2018 at 11:35 pm #

    Fortunately, the vulnerability was disclosed responsibly to Cisco, and fixes are now being rolled out to customers that are licensed to receive updates. And if your business is not licensed for WebEx software updates you may be wise to either renegotiate your contract, or remove WebEx from your systems.”

    That’s great until you realise that Webex is resold by value added resellers like Vodafone etc who have their own update schedule andadd a whole other level of complexity to the equation.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.