Guest

Preview Tool

Cisco Bug: CSCvt08611 - Webex Meetings Can Be Scheduled on Behalf of Another User

Last Modified

Jul 07, 2020

Products (1)

  • Cisco Webex Meetings Online

Known Affected Releases

40.7.0 TBD WBS40.1.7

Description (partial)

Symptom:
This is a modification on the product to adopt new secure code best practices to enhance the security posture and resiliency of the product.

Authorization checks fail to properly validate the source of meeting requests. By sending requests to a Cisco Webex Meetings site, another user could schedule Webex meetings on behalf of another user if the user could gain access to the numeric user ID.

Conditions:
Device running with default configuration.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.