Cyber Security Application Security Cisco Webex bugs allow you to invisibly attend someone...

Cisco Webex bugs allow you to invisibly attend someone else’s conference

-

Three vulnerabilities have been identified in the Webex Meetings product line from Cisco Systems that allow you to illegally join a video conference and monitor its progress without disclosing your presence. Cisco profile cloud services have patched, patches for mobile and server Webex applications are already available, the rest are scheduled for release on November 24.

According to the authors of the find, new issues are related to the ability to manipulate the data that the Webex client and the backend server exchange during the handshake. The implementation of the invisible participant in Webex video conferencing and Personal Rooms has been successfully replicated on macOS, Windows, and iOS.

Presenting the results of the vulnerability analysis, IBM experts noted that exploitation in all cases is possible only if the URL of the planned event is available and is performed by submitting a special request to the target server.

According to Cisco’s descriptions, the new loopholes collectively allow an attacker to do the following:

  • Join a Webex conference without being on any list of attendees and gain full access to audio, video, chat, and text and graphics ( CVE-2020-3419 ).
  • Listen to performances even after being blacklisted ( CVE-2020-3471 ).
  • Collect information about conference participants such as full name, email, IP address, etc. ( CVE-2020-3441 ).

This year, the popularity of the Webex platform, according to IBM, has increased 5.5 times, apparently due to COVID-19. During peak days, telecommuters held 4 million Webex meetings with up to 324 million attendees.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you