Security News > 2020 > November > Cisco fixes WebEx bugs allowing 'ghost' attackers in meetings
Cisco has fixed today three Webex Meetings security vulnerabilities that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants.
The three bugs also enabled attackers to remain in the Webex meeting and maintain a bidirectional audio connection even after admins would remove them and access Webex users' information like email addresses and IP addresses from the meeting room lobby.
The vulnerabilities exist in the Cisco Webex Meetings and Cisco Webex Meetings Server, and they "Work by exploiting the handshake process that Webex uses to establish a connection between meeting participants."
The researchers were able to successfully demonstrate attacks abusing these Webex bugs on Windows, macOS, and the iOS version of Webex Meetings applications and Webex Room Kit appliance.
Cisco has addressed the vulnerabilities by patching cloud-based Cisco Webex Meetings sites and releasing security updates for on-premises software such as the Cisco Webex Meetings mobile app and the Cisco Webex Meetings Server software.