UC Today reports:
Cisco has issued a warning after a critical vulnerability has been found in the Webex App that could allow malicious code to be smuggled in through specially crafted meeting invitation links.
“A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user,”
Cisco said in its advisory blog.
The vulnerability, assigned a CVSS base score of 8.8—making it a high-severity flaw—has prompted Cisco to release emergency patches for affected versions of the platform.
… According to Cisco’s advisory, the vulnerability affects specific versions of the Cisco Webex App across all operating systems and configurations.
The following versions are vulnerable:
- Cisco Webex App 44.7 (all releases)
- Cisco Webex App 44.6 (prior to version 44.6.2.30589)
Read more at UC Today.