Cisco Webex vulnerabilities may enable attackers to covertly join meetings

2020-11-19 12:37

Join Webex meetings without appearing in the participant list.

"These flaws affect both scheduled meetings with unique meeting URLs and Webex Personal Rooms. Personal rooms may be easier to exploit because they are often based on a predictable combination of the room owner's name and organization name. These technical vulnerabilities could be further exploited with a combination of social engineering, open source intelligence and cognitive overloading techniques."

The vulnerabilities can all be exploited by unauthenticated, remote attackers, either by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site or by browsing the Webex roster.

Cisco addressed them in Cisco Webex Meetings sites a few days ago and no user action is required.

Users of Cisco Webex Meetings Server are advised to upgrade to 3.0MR3 Security Patch 5 or 4.0MR3 Security Patch 4, which contain the needed fixes.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/8uJrs8KaJWQ/

#cisco #vulnerabilities #webex

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		4442	231	3052	1816	604	5703

News URL

Related news

Related vendor