CVE-2017-6753

Name: CVE-2017-6753
Creator: NVD / NIST
Published: 2017-07-25T19:29:00.397+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.95%

Last modified Jun 17, 2026

CVE-2017-6753 is a vulnerability of currently unknown severity. A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. EPSS estimates a 5.95% chance of exploitation in the next 30 days.

Description

A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037.

Metrics

EPSS Probability

5.95%

92.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Cisco	Webex Event Center	t30_base
Cisco	Webex Event Center	t31_base
Cisco	Webex Event Center	t32_base
Cisco	Webex Meeting Center	t30_base
Cisco	Webex Meeting Center	t31_base
Cisco	Webex Meeting Center	t32_base
Cisco	Webex Meetings	t30_base
Cisco	Webex Meetings Server	1.1_base
Cisco	Webex Meetings Server	1.5.1.6
Cisco	Webex Meetings Server	1.5.1.131
Cisco	Webex Meetings Server	1.5_base
Cisco	Webex Meetings Server	2.0.1.107
Cisco	Webex Meetings Server	2.0_base
Cisco	Webex Meetings Server	2.5.1.5
Cisco	Webex Meetings Server	2.5.1.29
Cisco	Webex Meetings Server	2.5.99.2
Cisco	Webex Meetings Server	2.5_base
Cisco	Webex Meetings Server	2.6.0
Cisco	Webex Meetings Server	2.6.1.39
Cisco	Webex Meetings Server	2.7.1
Cisco	Webex Meetings Server	2.7_base
Cisco	Webex Meetings Server	2.8_base
Cisco	Webex Meetings Server 2.0	mr2
Cisco	Webex Meetings Server 2.0	mr3
Cisco	Webex Meetings Server 2.0	mr4
Cisco	Webex Meetings Server 2.0	mr5
Cisco	Webex Meetings Server 2.0	mr6
Cisco	Webex Meetings Server 2.0	mr7
Cisco	Webex Meetings Server 2.0	mr8
Cisco	Webex Meetings Server 2.0	mr9
Cisco	Webex Meetings Server 2.0 Mr8 Patch	1
Cisco	Webex Meetings Server 2.0 Mr9 Patch	1
Cisco	Webex Meetings Server 2.0 Mr9 Patch	2
Cisco	Webex Meetings Server 2.0 Mr9 Patch	3
Cisco	Webex Meetings Server 2.5	mr1
Cisco	Webex Meetings Server 2.5	mr2
Cisco	Webex Meetings Server 2.5	mr3
Cisco	Webex Meetings Server 2.5	mr4
Cisco	Webex Meetings Server 2.5	mr5
Cisco	Webex Meetings Server 2.5	mr6
Cisco	Webex Meetings Server 2.5 Mr2 Patch	1
Cisco	Webex Meetings Server 2.5 Mr5 Patch	1
Cisco	Webex Meetings Server 2.5 Mr6 Patch	1
Cisco	Webex Meetings Server 2.5 Mr6 Patch	2
Cisco	Webex Meetings Server 2.5 Mr6 Patch	3
Cisco	Webex Meetings Server 2.5 Mr6 Patch	4
Cisco	Webex Meetings Server 2.6	mr1
Cisco	Webex Meetings Server 2.6	mr2
Cisco	Webex Meetings Server 2.6	mr3
Cisco	Webex Meetings Server 2.6 Mr1 Patch	1

Showing 50 of 63 affected configurations. See NVD for the full list.

References

http://www.securityfocus.com/bid/99614Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1038909Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1038910Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1038911Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webexVendor Advisory
http://www.securityfocus.com/bid/99614Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1038909Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1038910Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1038911Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webexVendor Advisory

Timeline

Published: Jul 25, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-6753?

How severe is CVE-2017-6753?

Severity scoring for CVE-2017-6753 is pending analysis. The EPSS model estimates a 5.95% probability of exploitation in the next 30 days.

How do I fix CVE-2017-6753?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-6753?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST