
Cisco releases multiple WebEx security patches

The most important of the seven fixes for the WebEx Meeting Server platform remedies a flaw that could allow a cross-site request forgery attack.

Cisco Systems Inc. has released the first major batch of security fixes for its WebEx Meeting Server platform since revamping the product line at the beginning of October 2014.

On Jan. 8 and 9, Cisco released a total of seven new security patches addressing a variety of WebEx security vulnerabilities, all but one of which carry a CVSS severity rating of "medium."

The most severe flaw would allow a remote attacker to perform a cross-site request forgery (CSRF) attack because of inadequate CSRF protections. The attack could be executed by convincing a user to follow a malicious link or visit an attacker-controlled website.

Cisco's other patches address issues that would allow remote attackers to perform a number of malicious activities, including gaining authenticated administrator access, generating sensitive encrypted values, enumerating valid user accounts or modifying the invite list of scheduled meetings. One uncategorized issue, if left unaddressed, may lead to a remote attacker enumerating valid user accounts.

WebEx, an established Web, video and audio conferencing product, is widely used, though the networking giant hopes the updates it announced last fall will help fend off new virtual conferencing competitors. Cisco has made WebEx multi-platform with versions on all major mobile and desktop OSes, and is also working on Web-based versions using WebRTC and HTML5.


Following several patches, how concerned are you about WebEx security in your organization?
We are very unconcerned with Cisco's WebEx security within our company tech infrastructure. Additionally, our company feels very confident in the updated security and new UI the latest patches have provided. We've never had a problem with WebEx and the services, and we do not expect any after the latest patches. WebEx proves to be a highly secure and valuable tool for our company. The patches are just a response to the latest threats.
It is great they have fixed the CSRF vulnerability aka Bug ID CSCuj40456 since users keep and will keep voluntarily interacting with unknown content/sites.