Cisco Warns of Vulnerability in Older Webex Applications

Mon 21st Apr, 2025

Cisco has issued a critical advisory regarding vulnerabilities found in specific versions of its Webex client software. Users of Webex versions 44.6 and 44.7 are urged to update their applications immediately due to a flaw in the URL parsing functionality that could allow malicious code execution.

The identified vulnerability affects all operating systems that run these versions of the Webex client. Cisco's advisory indicates that when users click on a specially crafted link to join a Webex meeting, it may trigger the download of executable files that run with the user's permissions. The implications of this are serious, as the existing security mechanisms within the operating systems may not prevent exploitation, although Cisco has not clarified the extent of this risk.

The vulnerability has been given a preliminary severity rating of 'High', with a CVSS score of 8.8 out of 10. Notably, there is no workaround available for this issue, making immediate action crucial for users.

The only affected versions are 44.6 and 44.7; version 44.5 and earlier are not impacted. Cisco has confirmed that the subsequent version, 44.8, fixes the flaw. Details about how this vulnerability emerged and why it is limited to versions 44.6 and 44.7 have not been disclosed.

Users are encouraged to download the updated version 44.8 directly from Cisco's official website to mitigate any potential risks associated with this vulnerability.

