VERT Threat Alert: Cisco WebEx Browser Extension Remote Code Execution
Posted on January 25, 2017
A vulnerability in the Cisco WebEx Browser extension for Chrome, Firefox, and Internet Explorer could be used to execute code on a victim system. It is trivial to exploit the vulnerability and sample exploit code has been released publicly. The vulnerability leverages command execution in the launch_meeting message via a message event, which can be executed on any page containing a specific magic pattern.
Exposure and Impact
Successful exploitation of the vulnerability could result in the ability to run code in the context of the user by making the call to launch_meeting message. A successful attack would require that the victim visit their malicious URL containing the exploit code.
Remediation & Mitigation
Cisco has released version 1.0.7 of the Chrome plugin to fix this vulnerability.
The recommend mitigation at this time includes uninstalling the WebEx plugin.
This custom rule should be bound to the Google Chrome application and will identify vulnerable versions of the Cisco WebEx Extension for Google Chrome. This will report systems affected by CVE-2017-3823.
Click Here to Download (ZIP) (Updated to consider 1.0.7 the fixed version)
Tripwire is planning to release coverage for this CVE in ASPL-709. Additional rules may be posted here before the release of ASPL-709 to facilitate discovery of vulnerable extensions for other browsers.