Cisco Systems has fixed a high-severity vulnerability in its popular Webex video conferencing platform, which could let strangers barge in on password-protected meetings – no authentication necessary. A remote attacker would not need to be authenticated to exploit the flaw, according to Cisco. All an attacker would need is the meeting ID and a Webex mobile application for either iOS or Android. After the attackers input the meeting ID into their mobile Webex application, the browser then requests to launch the device’s Webex mobile application, allowing them to enter the meeting – sans a password. “The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications,” said Cisco in a Friday advisory. “An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser.” One caveat to the attack is that unauthorized attendees would be visible in the attendee list of the meeting as a mobile attendee – meaning their presence could be detected by others in the meeting. However, if left undetected, an attacker would be able to eavesdrop on potentially secretive or critical business meeting details. Affected are Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites for versions earlier than 39.11.5 (for the former) and 40.1.3 (for the latter). Cisco fixed this vulnerability in versions 39.11.5 and later and 40.1.3 and later for Cisco…
0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2020-01-24 14:27:002020-01-24 14:27:00Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com