Cisco Bug: CSCuo68624 - Missed security checking for unlisted meetings
Jan 28, 2017
- Cisco Webex Meetings Online
Known Affected Releases
Symptoms: A vulnerability in Cisco WebEx Business Suite (WBS) could allow an unauthenticated, remote attacker to use enumerated meeting identifiers to obtain confidential information. The vulnerability is due to meeting identifiers that are not randomly generated and may be enumerated. This may result in the disclosure of information such as the meeting title, meeting organizer, time, date, and duration of the meeting. If the meeting organizer does not require a password to attend the meeting or event, the meeting number is also returned and may be used to attend a meeting that is in progress. Even if a password is configured for a meeting, it is not required for participation on the audio bridge. Cisco has deployed software updates to the cloud services that address this vulnerability. Conditions: The vulnerability disclosed in this document affected the Cisco WebEx Business Suite (WBS27, WBS28, and WBS29): Cisco WebEx Business Suite (WBS29) prior to 188.8.131.52 Cisco WebEx Business Suite (WBS28) prior to T28L10NSP12EP13.18 (184.108.40.206) Cisco WebEx Business Suite (WBS27) prior to T27L10NSP32EP31.16 (220.127.116.11) To determine whether a Cisco WebEx meeting site is running an affected version of the WebEx client build, users can log in to their Cisco WebEx meeting site and go to the Support > Downloads section. The version of the WebEx client build will be displayed on the right side of the page under the appropriate center (such as ''About Support Center'' or ''About Event Center''). See ''Affected Products'' for details. Alternatively, version information for the Cisco WebEx meeting client can be accessed in the Cisco WebEx meeting client. Version information for the Cisco WebEx meeting client on Windows and Linux platforms can be viewed by choosing Help > About Cisco WebEx Meeting Center. Version information for the Cisco WebEx meeting client on Mac platforms can be viewed by choosing Meeting Center > About Cisco WebEx Meeting Center.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases