Firms running Cisco WebEx are told to update their software… again!

It feels like no time at all since businesses were being advised to update their installations of Cisco’s WebEx conferencing software to deal with a security issue.

And that’s because it is barely any time at all…

Little over a week ago, Cisco issued an advisory warning that an attacker could spread a boobytrapped .SWF Flash file to other WebEx participants.

Now WebEx users are being warned about another security vulnerability, which could see remote attackers execute malicious code on the computers of targeted users.

Cisco says that the problem lies in WebEx Network Recording Player for Advanced Recording Format files. That’s quite a mouthful, so let’s call them ARF files after their extension .ARF.

Normally, WebEx ARF files hold video recording data from online meetings, as well as other information including attendee lists, and can be opened with the Cisco WebEx player.

However, researcher Kushal Arvind Shah of Fortinet discovered that it was possible for an ARF file to be maliciously crafted in such a way that unauthorised code could be executed on users’ computers. All you would have to do is trick a user into opening the boobytrapped file, perhaps by sending it as an attachment or link via email pretending that it was an archive of an online meeting.

The following versions of the WebEx software are said to be affected by the vulnerability:

  • Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4
  • Cisco WebEx Business Suite (WBS32) client builds prior to T32.12
  • Cisco WebEx Meetings with client builds prior to T32.12
  • Cisco WebEx Meeting Server builds prior to 3.0 Patch 1

The fact that WebEx is so widely used inside businesses could make it an increasing target for malicious hackers eager to break inside specific organisations.

Fortunately, the vulnerability was disclosed responsibly to Cisco, and fixes are now being rolled out to customers that are licensed to receive updates. And if your business is not licensed for WebEx software updates you may be wise to either renegotiate your contract, or remove WebEx from your systems.
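
To check an inventory against the affected builds listed above, a numeric build comparison is needed, because a plain string comparison would wrongly rank T31.9.2 above T31.23.4. The following is an added example, not code from Cisco or from this article; the product labels, host names, inventory rows and the treatment of "Patch N" as a trailing version component are assumptions made for illustration.

```python
import re

# First fixed builds, taken from the affected-versions list in the article.
# The dictionary keys are labels chosen for this example, not Cisco identifiers.
FIXED = {
    "WBS31": (31, 23, 4),        # client builds prior to T31.23.4 are affected
    "WBS32": (32, 12),           # client builds prior to T32.12 are affected
    "Meetings": (32, 12),        # client builds prior to T32.12 are affected
    "MeetingServer": (3, 0, 1),  # builds prior to 3.0 Patch 1 are affected
}

def parse_build(text):
    """Turn 'T31.23.4', '32.12' or '3.0 Patch 1' into a tuple of ints."""
    m = re.fullmatch(r"\s*T?(\d+(?:\.\d+)*)(?:\s+Patch\s+(\d+))?\s*", text, re.I)
    if not m:
        raise ValueError(f"unrecognised build string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    if m.group(2) is not None:
        parts.append(int(m.group(2)))  # assumption: "Patch N" sorts as a last component
    return tuple(parts)

def is_affected(product, build):
    """True if the build is older than the first fixed build for that product."""
    fixed, have = FIXED[product], parse_build(build)
    width = max(len(fixed), len(have))
    pad = lambda t: t + (0,) * (width - len(t))  # so 32.12 == 32.12.0
    return pad(have) < pad(fixed)

def audit(rows):
    """Return (affected hosts, hosts whose entry needs manual review)."""
    affected, review = [], []
    for host, product, build in rows:
        try:
            if is_affected(product, build):
                affected.append(host)
        except (KeyError, ValueError):
            review.append(host)  # unknown product or unparseable build
    return affected, review

# Constructed sample inventory: (host, product label, reported build)
INVENTORY = [
    ("host-a", "WBS31", "T31.9.2"),
    ("host-b", "WBS31", "T31.23.4"),
    ("host-c", "WBS32", "T32.11.5"),
    ("host-d", "Meetings", "T32.12"),
    ("host-e", "MeetingServer", "3.0"),
    ("host-f", "MeetingServer", "3.0 Patch 1"),
    ("host-g", "WBS32", "unknown"),
]

if __name__ == "__main__":
    print(audit(INVENTORY))
```
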


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Firms running Cisco WebEx are told to update their software… again!”

  1. Jeremy Roberts

    "Fortunately, the vulnerability was disclosed responsibly to Cisco, and fixes are now being rolled out to customers that are licensed to receive updates. And if your business is not licensed for WebEx software updates you may be wise to either renegotiate your contract, or remove WebEx from your systems."

    That's great until you realise that Webex is resold by value added resellers like Vodafone etc who have their own update schedule and add a whole other level of complexity to the equation.
