Advisory Overview
A vulnerability was recently reported in the Cisco WebEx Meetings Desktop App for Windows releases earlier than 40.4.12 and 40.6.0 that could allow an attacker to gain access to sensitive information such as usernames, authentication tokens, and meeting information. SKOUT recommends updating the client to version 40.6.0 or newer.
Technical detail and additional information
What is the threat?
A vulnerability (CVE-2020-3347) affecting Cisco WebEx Meetings Desktop App for Windows could allow an authenticated local attacker to gain access to sensitive information on an affected system. Information such as usernames, authentication tokens and meeting information can be gathered by the threat actor via shared memory. The vulnerability occurs due to unsafe usage of shared memory that is used by WebEx. An authenticated attacker is able to view system memory and can exploit the vulnerability through the use of an application on the local system that can view shared memory.
Why is this noteworthy?
Due to the current pandemic, the number of users that utilize Cisco WebEx has increased dramatically as a result of work from home policies that have been enacted by companies across the world. Thus, with this Cisco WebEx vulnerability, malicious actors can utilize this opportunity to target users and gain access to sensitive information which can be leveraged to conduct future attacks. Once the vulnerability is successfully exploited threat actors can edit meetings, download recordings, and gain meeting information as well as authentication tokens.
What is the exposure or risk?
The Cisco WebEx vulnerability can lead to the exposure of highly sensitive data such as usernames, auth tokens and meeting information. This information can allow a malicious actor to login with the victims WebEx account and then move across an organization to collect even more information via the use of recorded sessions or logging into different meetings impersonating personnel.
What are the recommendations?
It is recommended that users patch Cisco WebEx to address this vulnerability. The release of version 40.6.0 and later for Cisco WebEx Meetings Desktop App will resolve this vulnerability.
References:
For more in-depth information about the recommendations, please visit the following links:
- https://www.bleepingcomputer.com/news/security/new-cisco-webex-meetings-flaw-lets-attackers-steal-auth-tokens/
- https://nvd.nist.gov/vuln/detail/CVE-2020-3347
If you have any questions, please contact our Security Operations Center.
