Guest

Preview Tool

Cisco Bug: CSCuo68624 - Missed security checking for unlisted meetings

Last Modified

Jan 28, 2017

Products (1)

  • Cisco Webex Meetings Online

Known Affected Releases

T29.3 T29.7

Description (partial)

Symptoms:
A vulnerability in Cisco WebEx Business Suite (WBS) could allow an unauthenticated, remote attacker to use enumerated meeting identifiers to
obtain confidential information. The vulnerability is due to meeting identifiers that are not randomly generated and may be enumerated. This may
result in the disclosure of information such as the meeting title, meeting organizer, time, date, and duration of the meeting. If the meeting
organizer does not require a password to attend the meeting or event, the meeting number is also returned and may be used to attend a meeting
that is in progress. Even if a password is configured for a meeting, it is not required for participation on the audio bridge.

Cisco has deployed software updates to the cloud services that address this vulnerability.
Conditions:
 The vulnerability disclosed in this document affected the Cisco WebEx Business Suite (WBS27, WBS28, and WBS29):

    Cisco WebEx Business Suite (WBS29) prior to 29.5.1.12
    Cisco WebEx Business Suite (WBS28) prior to T28L10NSP12EP13.18 (28.12.13.18)
    Cisco WebEx Business Suite (WBS27) prior to T27L10NSP32EP31.16 (27.32.31.16)

To determine whether a Cisco WebEx meeting site is running an affected version of the WebEx client build, users can log in to their Cisco WebEx
meeting site and go to the Support > Downloads section. The version of the WebEx client build will be displayed on the right side of the page
under the appropriate center (such as ''About Support Center'' or ''About Event Center''). See ''Affected Products'' for details.

Alternatively, version information for the Cisco WebEx meeting client can be accessed in the Cisco WebEx meeting client. Version information for
the Cisco WebEx meeting client on Windows and Linux platforms can be viewed by choosing Help > About Cisco WebEx Meeting Center. Version
information for the Cisco WebEx meeting client on Mac platforms can be viewed by choosing Meeting Center > About Cisco WebEx Meeting Center.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.