

By Darren Pauli, 14th January 2015 10:32

Change the plan for Sat night, hackers. No more biz meetup eavesdrop LOLs

Cisco squashes bugs in WebEx

Cisco has patched four holes in WebEx that allowed attackers to access video conferences and gain other administrative functions.

The popular platform contained a cross-site request forgery (CSRF) flaw in versions 1.5 and below.

Cisco slapped a moderate severity rating on the bug (CVE-2014-8031).

"A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery attack," Cisco wrote in an advisory.

"The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the user of the affected system to follow a malicious link or visit an attacker-controlled website."

A further three flaws meant attackers could launch cross-site scripting attacks (CVE-2014-8030), generate a user's encrypted password (CVE-2014-8032), and exploit an exposed API to become an administrator (CVE-2014-8033).

In May, Cisco patched a handful of buffer overflow holes in its WebEx line that led to remote code execution. In November the company flung patches addressing some wobbly features and enforced stricter controls, including a requirement that all meetings have passwords.

Users should be cautious when opening links related to WebEx and update to a non-vulnerable version as soon as possible. ®
