Cisco today fixed three security vulnerabilities in Webex Meetings that allowed unauthorized remote intruders to participate in meetings as ghost participants.
Cisco Webex is an online conference and video conferencing software that can be used to schedule and schedule meetings. Provides users with presentation, screen sharing and recording capabilities.
Cisco's remote meeting platform has seen a 451% increase in usage over four months due to the COVID-19 pandemic, and is hosting approximately 4 millions meetings per day for 324 million users at its peak.
Malicious users who abused the patched security holes could become "ghost" users and could join a meeting without being detected, IBM researchers discovered while analyzing the tool pluswork of Cisco for vulnerabilities.
"Ghost" users are participants in a meeting that are not visible in the list of users and have not been invited to the meeting, but can listen, talk and share in the meeting.
The three errors also allowed attackers to remain in the Webex meeting and maintain a two-way audio connection even after being removed by administrators who had access to Webex users' information, such as email addresses and IP addresses from the meeting room. .
IBM researchers made the following errors that allowed the attackers to:
- Participate in a Webex meeting as "Ghost" without appearing on the attendee list with full access to audio, video, chat and screen sharing features (CVE-2020-3419)
- Stay in a Webex meeting as a "Ghost" even if they are expelled from it, maintaining the audio connection (CVE-2020-3471)
- Access information about meeting participants – full names, email addresses post officey and IP addresses even without being admitted to the call (CVE-2020-3441)
Cisco recommends that users update to the latest immediately version of Webex to secure meetings from attackers who would try to exploit the above vulnerabilities.