Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1719
Views
0
Helpful
4
Replies

How to fix WebEx vulnerability: CVE-2017-3823: WebEx Extension For Microsoft Internet Explorer Remote Code Execution Vulnerability

rrkkrr25971
Level 1
Level 1

‎05-09-2020 09:15 PM

Hello All,

 

I am an SCCM admin and am required to remediate the following WebEx vulnerability:
CVE-2017-3823: Cisco WebEx Extension For Microsoft Internet Explorer Remote Code Execution Vulnerability

 

Remeditaion:
Update to the latest version of Cisco WebEx browser extension (1.0.4 or later)
Refer: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
Donload: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex

 

However, I am unable to find the download for 'Cisco WebEx browser extension (1.0.4 or later)'

Could someone please advise the method to remediate for mass PCs? Thanks

Labels:
0 Helpful
4 Replies 4

Leo Laohoo
Hall of Fame
Hall of Fame

‎05-09-2020 09:53 PM

In summary, the only way to fix the vulnerability is to update the browser extension to whatever is the latest.
0 Helpful

rrkkrr25971
Level 1
Level 1
In response to Leo Laohoo

‎05-10-2020 12:39 PM

Thanks - and that's where I need help. Where can I download the latest browser extension? I cannot find it upon searching the WebEx site, or google. Please help
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to rrkkrr25971

‎05-10-2020 02:53 PM

For which browser? 

0 Helpful

rrkkrr25971
Level 1
Level 1
In response to Leo Laohoo

‎05-10-2020 08:31 PM

I have a list of vulnerabilities, the most common being for Internet Explorer - The scanner detects C:\ProgramData\webex\ieatgpc.dll v2.1.0.8 as vulnerable, and solution is to update it to WebEx browser extension (1.0.4 or later)

In addition, a few are also reported for Chrome:
%systemdrive%\users\user123\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.1_0 cisco webex extension 1.0.1 is vulnerable
and the solution is to Update to the latest version of Cisco WebEx browser extension (1.0.12 or later)

*OS is Windows only

The ideal solution is to update these extensions for mass PCs silently without any user intervention (e.g. next launch of browser), though I am unclear if that is possible.
0 Helpful
Customers Also Viewed These Support Documents