News

Cisco Webex extension for Chrome has serious vulnerability that allows Arbitrary Remote Command Execution

AmarendraJanuary 25, 2017
0 1 minute read

Cisco WebEx is one of the most widely used tools for conferencing and remote desktop sharing. Google researcher Tavis Ormandy unveiled a serious exploit in WebEx plugin for Chrome. The vulnerability will allow a hacker to execute code and take full control of the computer. Cisco has released a patch to fix this but the patch seem to be ineffective. We suggest you to use IE or Firefox to initiate WebEx or follow this method to protect your computer.

The extension works on any URL that contains the magic pattern “cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html”, which can be extracted from the extensions manifest. Note that the pattern can occur in an iframe, so there is not necessarily any user-visible indication of what is happening, visiting any website would be enough. The extension uses nativeMessaging and is enough for any website to execute arbitrary code.

When a person initiates start of a meeting,  WebEx uses a coded magic pattern to remotely start the meetings on connected machines with Chrome extension installed. The magic pattern is cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html. A hacker can use this URL to trigger the WebEx extension when you visit. The hacker can then take full control of your computer.

Tags
AmarendraJanuary 25, 2017
0 1 minute read

Amarendra

Co-Founder of GadgetDetail, gadget lover, addicted to American TV shows, fan of Ferrari and Federer, Bengalurian, FOOD LOVER, multiplex hater.

Related Articles

Embracing Mastodon

January 26, 2023

Best and worst products I purchased in past one year

July 26, 2022

Logitech Lift mouse is the one you need to avoid RSI

April 21, 2022

Best Fitness applications for 2022

April 20, 2022
Subscribe
Notify of

0 Comments
Inline Feedbacks
View all comments
Back to top button
0
Would love your thoughts, please comment.x
()
x