Security News > 2020 > January > Cisco Webex bug allowed anyone to join a password-protected meeting
Cisco has confessed to a vulnerability in its Webex Meetings Suite sites and Webex Meetings Online sites that allowed an "Unauthenticated" attendee sitting on a workstation far, far away to join a "Password-protected meeting without providing the meeting password".
According to the security advisory, which was rated as "High": "The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications."
"A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee," said Cisco.
Vulnerable products include Cisco's Webex Meetings Suite and Webex Meetings Online site releases earlier than 39.11.5 and 40.1.3.
The on-premises Cisco Webex Meetings Server is not affected.