The Channel logo


By | Darren Pauli 14th January 2015 10:32

Change the plan for Sat night, hackers. No more biz meetup eavesdrop LOLs

Cisco squashes bugs in WebEx

Cisco has patched four holes in WebEx that allowed attackers to gain access to video conferences and gain other administrative functions.

The popular platform contained a cross site request forgery in versions 1.5 and below.

Cisco slapped a moderate severity rating on the bug (CVE-2014-8031).

"A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery attack," Cisco wrote in an advisory.

"The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the user of the affected system to follow a malicious link or visit an attacker-controlled website."

A further three flaws meant attackers could launch cross-site scripting attacks (CVE-2014-8030), generate a users' encrypted password (CVE-2014-8032), and exploit an exposed API to become an administrator (CVE-2014-8033).

In May, Cisco patched a handful of buffer overflow holes in its WebEx line that led to remote code execution. In November the company flung patches addressing some wobbly features and enforced stricter controls including that all meetings must have passwords.

Users should be cautious when opening links related to WebEx and update to a non-vulnerable version as soon as possible. ®

comment icon Read 1 comment on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe