Guest

Preview Tool

Cisco Bug: CSCvv14707 - Cisco Webex Training Unauthorized Meeting Join Vulnerability

Last Modified

Sep 02, 2020

Products (1)

  • Cisco Webex Meetings Online

Known Affected Releases

WAS40.6.1

Description (partial)

Symptom:
A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password.

The vulnerability is due to improper validation of input to API requests that are a part of meeting join flow. An attacker could exploit this vulnerability by sending an API request to the application, which would return a URL that includes a meeting join page that is prepopulated with the meeting username and password. A successful exploit could allow the attacker to join the password-protected meeting. The attacker would be visible in the attendee list of the meeting.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-meetings-UtbwOR4Q

Conditions:
This vulnerability affects releases earlier than Release 40.7.6 of Cisco Webex Meetings, which is cloud based.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.