News Stay informed about the latest enterprise technology news and product updates.

Cisco releases multiple WebEx security patches

The most important of the seven fixes for the WebEx Meeting Server platform remedies a flaw that could allow a cross-site request forgery attack.

Cisco Systems Inc. has released the first major batch of security fixes for its WebEx Meeting Server platform since...

revamping the product line at the beginning of October 2014.

On Jan. 8 and 9, Cisco released a total of seven new security patches addressing a variety of WebEx security vulnerabilities, all but one of which have been rated as having a CVSS score of "medium."

The most severe flaw would allow a remote attacker to perform a cross-site request forgery (CSRF) attack because of inadequate CSRF protections. The attack could be executed by convincing a user to follow a malicious link or visit an attacker-controlled website.

Cisco's other patches address issues that would allow remote attackers to perform a number of malicious activities, including gaining authenticated administrator access, generating sensitive encrypted values, enumerating valid user accounts or modifying the invite list of scheduled meetings. One uncategorized issue, if left unaddressed, may lead to a remote attacker enumerating valid user accounts.

WebEx, an established Web, video and audio conferencing product, is widely used, though the networking giant hopes the updates it announced last fall will help fend off new virtual conferencing competitors. Cisco has made WebEx multi-platform with versions on all major mobile and desktop OSes, and is also working on Web-based versions using WebRTC and HTML5.

Dig Deeper on Secure remote access

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

3 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Following several patches, how concerned are you about WebEx security in your organization?
Cancel
We are very unconcerned with Cisco's WebEx security within our company tech infrastructure. Additionally, our company feels very confident in the updated security and new UI the latest patches have provided. We've never had a problem with WebEx and the services, and we do not expect any after the latest patches. WebEx proves to be a highly secure and valuable tool for our company. The patches are just a response to the latest threats.
Cancel
It is great they have fixed the CSRF vulnerability aka Bug ID CSCuj40456 since users keep and will keep voluntarily interacting with unknown content/sites.
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close