Security News > 2020 > January > Cisco Webex Vulnerability Exploited to Join Meetings Without a Password

Cisco Webex Vulnerability Exploited to Join Meetings Without a Password
2020-01-25 12:36

Cisco on Friday informed customers that it has patched a vulnerability that allowed unauthorized users to join password-protected Webex meetings.

The vulnerability, tracked as CVE-2020-3142 and classified as high severity, affected Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites, releases earlier than 39.11.5 and 40.1.3.

According to Cisco, the flaw allowed an unauthenticated attacker to join password-protected meetings without the need to provide a password.

"The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device's web browser. The browser will then request to launch the device's Webex mobile application," Cisco said in its advisory.

Cisco told SecurityWeek that some of its customers had used the vulnerability to access their own meetings, and the company is also aware of "Exploitation of the vulnerability by unauthenticated attendees using the mobile app to gain unauthorized access to Webex's audio capability."


News URL

http://feedproxy.google.com/~r/Securityweek/~3/jUqFxU3oR1g/cisco-webex-vulnerability-exploited-join-meetings-without-password

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-01-26 CVE-2020-3142 Missing Authentication for Critical Function vulnerability in Cisco Webex Meetings Online
A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password.
network
low complexity
cisco CWE-306
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751