← Back

CVE-2017-6753

nvd nist
Published: Jul 25, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037.

Affected (63)

Cisco
20 products
Webex Event Center
Webex Meeting Center
Webex Meetings
Webex Meetings Server
Webex Meetings Server 2.0
Webex Meetings Server 2.0 Mr8 Patch
Webex Meetings Server 2.0 Mr9 Patch
Webex Meetings Server 2.5
Webex Meetings Server 2.5 Mr2 Patch
Webex Meetings Server 2.5 Mr5 Patch
Webex Meetings Server 2.5 Mr6 Patch
Webex Meetings Server 2.6
Webex Meetings Server 2.6 Mr1 Patch
Webex Meetings Server 2.6 Mr2 Patch
Webex Meetings Server 2.6 Mr3 Patch
Webex Meetings Server 2.7
Webex Meetings Server 2.7 Mr1 Patch
Webex Meetings Server 2.7 Mr2 Patch
Webex Support Center
Webex Training Center
Configuration A
63 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Webex Event Center
Version t30_base
Webex Event Center
Version t31_base
Webex Event Center
Version t32_base
Cisco
Webex Meeting Center
Version t30_base
Webex Meeting Center
Version t31_base
Webex Meeting Center
Version t32_base
Webex Meetings
Version t30_base
Cisco
Webex Meetings Server
Version 1.1_base
Webex Meetings Server
Version 1.5.1.131
Webex Meetings Server
Version 1.5.1.6
Webex Meetings Server
Version 1.5_base
Webex Meetings Server
Version 2.0.1.107
Webex Meetings Server
Version 2.0_base
Webex Meetings Server
Version 2.5.1.29
Webex Meetings Server
Version 2.5.1.5
Webex Meetings Server
Version 2.5.99.2
Webex Meetings Server
Version 2.5_base
Webex Meetings Server
Version 2.6.0
Webex Meetings Server
Version 2.6.1.39
Webex Meetings Server
Version 2.7.1
Webex Meetings Server
Version 2.7_base
Webex Meetings Server
Version 2.8_base
Cisco
Webex Meetings Server 2.0
Version mr2
Webex Meetings Server 2.0
Version mr3
Webex Meetings Server 2.0
Version mr4
Webex Meetings Server 2.0
Version mr5
Webex Meetings Server 2.0
Version mr6
Webex Meetings Server 2.0
Version mr7
Webex Meetings Server 2.0
Version mr8
Webex Meetings Server 2.0
Version mr9
Webex Meetings Server 2.0 Mr8 Patch
Version 1
Cisco
Webex Meetings Server 2.0 Mr9 Patch
Version 1
Webex Meetings Server 2.0 Mr9 Patch
Version 2
Webex Meetings Server 2.0 Mr9 Patch
Version 3
Cisco
Webex Meetings Server 2.5
Version mr1
Webex Meetings Server 2.5
Version mr2
Webex Meetings Server 2.5
Version mr3
Webex Meetings Server 2.5
Version mr4
Webex Meetings Server 2.5
Version mr5
Webex Meetings Server 2.5
Version mr6
Webex Meetings Server 2.5 Mr2 Patch
Version 1
Webex Meetings Server 2.5 Mr5 Patch
Version 1
Cisco
Webex Meetings Server 2.5 Mr6 Patch
Version 1
Webex Meetings Server 2.5 Mr6 Patch
Version 2
Webex Meetings Server 2.5 Mr6 Patch
Version 3
Webex Meetings Server 2.5 Mr6 Patch
Version 4
Cisco
Webex Meetings Server 2.6
Version mr1
Webex Meetings Server 2.6
Version mr2
Webex Meetings Server 2.6
Version mr3
Webex Meetings Server 2.6 Mr1 Patch
Version 1
Webex Meetings Server 2.6 Mr2 Patch
Version 1
Cisco
Webex Meetings Server 2.6 Mr3 Patch
Version 1
Webex Meetings Server 2.6 Mr3 Patch
Version 2
Cisco
Webex Meetings Server 2.7
Version mr1
Webex Meetings Server 2.7
Version mr2
Webex Meetings Server 2.7 Mr1 Patch
Version 1
Webex Meetings Server 2.7 Mr2 Patch
Version 1
Cisco
Webex Support Center
Version t30_base
Webex Support Center
Version t31_base
Webex Support Center
Version t32_base
Cisco
Webex Training Center
Version t30_base
Webex Training Center
Version t31_base
Webex Training Center
Version t32_base

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (10)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.