Cisco has released an important security update for the WebEx Meetings desktop app for Windows. The update addresses a vulnerability (CVE-2024-20399) that could allow someone to execute unauthorized code if a user clicks on a specially crafted meeting link.

This notice only applies if your team uses WebEx. If not, no action is needed.

What’s the issue?

A recently discovered vulnerability in the WebEx desktop app for Windows may put systems at risk if a user opens a malicious meeting invite. The issue does not affect the WebEx mobile app or web version.

Cisco has released a patch, and updating the WebEx desktop app is the only way to resolve the issue. There are no known workarounds.

Who is affected?

Only users of the Cisco WebEx Meetings desktop app for Windows are affected. Other versions are not impacted.

What you should do:

We recommend that all WebEx users open the app and confirm it’s updated to the latest version.

For clients enrolled in WorkSmart Workstation Remote Management service:
Your devices will attempt to update WebEx automatically. However, if WebEx is open during the update attempt, it may not complete. For best results, we recommend manually checking that the app has been updated.

In Summary

If your team uses WebEx, please take a moment to open the app and confirm it’s fully updated. If you’re not sure whether this applies to your organization, or would like help confirming updates, reach out to your WorkSmart support contact – we’re happy to help.