Update Cisco Webex Meetings immediately

Cisco today fixed three security vulnerabilities in Webex Meetings that allowed unauthorized remote intruders to participate in meetings as ghost participants.

Cisco Webex is one λογισμικό συσκέψεων και τηλεδιάσκεψης που μπορεί να χρησιμοποιηθεί για τον προγραμματισμό και τη συμμετοχή συναντήσεων. Παρέχει στους χρήστες δυνατότητες παρουσίασης, κοινής χρήσης οθόνης και εγγραφής.

Cisco's remote conference platform saw a 451% increase in usage over four months due to the COVID-19 pandemic, and hosts about 4 million meetings a day for its 324 million users at its peak.

Malicious users who abused the patched security holes could become "ghost" users and could join a meeting without being detected, researchers discovered of IBM while analyzing Cisco's collaboration tool for vulnerabilities.

"Ghost" users are participants in a meeting that are not visible in the list of users and have not been invited to the meeting, but can listen, talk and share in the meeting.

The three τα επέτρεψαν επίσης στους επιτιθέμενους να παραμείνουν στη σύσκεψη Webex και να διατηρήσουν μια αμφίδρομη σύνδεση even after being removed by administrators they had access to Webex user information such as email addresses and IP addresses from the meeting "room".

IBM researchers made the following errors that allowed the attackers to:

  • Join a Webex meeting as a “Ghost” without appearing in the participant list with full access to audio, video, and screen sharing (CVE-2020-3419)
  • Stay in a Webex meeting as a "Ghost" even if they are expelled from it, maintaining the audio connection (CVE-2020-3471)
  • Access meeting meeting information - full names, email addresses and IP addresses even without being accepted into the call (CVE-2020-3441)

Cisco recommends that users immediately update to the latest version of Webex to secure meetings from intruders trying to exploit these vulnerabilities.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).