Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1211
Views
5
Helpful
3
Replies

Webex Vulnerability Information

Go to solution
regina.gaines
Level 1
Level 1

‎01-21-2022 02:53 PM

Our company received a Cybersecurity Advisory for multiple vulnerabilities in Cisco products. For WebEx, it stated: A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. . Also, it states that updates should be available to resolve this issue. Is this as simple as downloading the latest version and updating on devices, or are there minor updates that need to be downloaded and installed?

Labels:
0 Helpful
2 Accepted Solutions

Go to solution
dtibbe
VIP Alumni
VIP Alumni

‎01-22-2022 09:17 AM - edited ‎01-22-2022 09:18 AM

It does not state anything for WebEx, only for Webex...

 

I guess you're referring to this advisory, aren't you? https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-webex-xss-FmbPu2pe.html

 

It states that the issue wass in the cloud-based service and is already resolved. No user interaction or client side tasks are required.

View solution in original post

Go to solution
Stephanie Knoop
VIP Alumni
VIP Alumni
In response to regina.gaines

‎01-24-2022 11:22 AM

For Webex Meetings, the vulnerability was a server side issue.  However, the client should be auto-updated on a monthly cycle unless your organization has opted for the slow release program. You should have no worries otherwise.


Response Signature

View solution in original post

0 Helpful
3 Replies 3

Go to solution
dtibbe
VIP Alumni
VIP Alumni

‎01-22-2022 09:17 AM - edited ‎01-22-2022 09:18 AM

It does not state anything for WebEx, only for Webex...

 

I guess you're referring to this advisory, aren't you? https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-webex-xss-FmbPu2pe.html

 

It states that the issue wass in the cloud-based service and is already resolved. No user interaction or client side tasks are required.

Go to solution
regina.gaines
Level 1
Level 1
In response to dtibbe

‎01-24-2022 07:24 AM

Thank you for the response. Yes, that's it. The information below in the bulletin raised a flag for us ("Cicso Webex Meetings"). We considered a need to update the WebEx Meeting client. 

 

SYSTEMS AFFECTED:

  • Cisco RCM for StarOS releases prior to 21.25.4
  • Cisco Webex Meetings
  • Vulnerable releases of ConfD.
  • Cisco Ultra Gateway Platform
  • Cisco Enterprise NFV Infrastructure Software (NFVIS)

Cisco Network Services Orchestrator (NSO

0 Helpful

Go to solution
Stephanie Knoop
VIP Alumni
VIP Alumni
In response to regina.gaines

‎01-24-2022 11:22 AM

For Webex Meetings, the vulnerability was a server side issue.  However, the client should be auto-updated on a monthly cycle unless your organization has opted for the slow release program. You should have no worries otherwise.


Response Signature
0 Helpful
Customers Also Viewed These Support Documents