Security News > 2020 > November > Cisco Webex ‘Ghost’ Flaw Opens Meetings to Snooping

Cisco Webex ‘Ghost’ Flaw Opens Meetings to Snooping
2020-11-18 18:58

Once they have meeting access, an attacker could exploit the flaw by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site.

It affected all Cisco Webex Meetings sites prior to November 17, 2020; and all Cisco Webex Meetings apps releases 40.10.9 and earlier for iOS and Android.

"Cisco addressed this vulnerability on November 17, 2020, in Cisco Webex Meetings sites, which are cloud based," according to Cisco.

Two other flaws in Cisco Webex were also discovered by IBM researchers - including one allowing an unauthenticated, remote attacker to view sensitive Webex information from the meeting room lobby, and another enabling bad actors to maintain the audio connection of a Webex session despite being expelled.

Cisco IMC is a baseboard management controller that provides embedded server management for Cisco UCS C-Series Rack Servers and Cisco UCS S-Series Storage Servers - allowing system management in the data center and across distributed branch-office locations.


News URL

https://threatpost.com/cisco-webex-flaw-snooping/161355/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751