{"id":41015,"date":"2020-06-19T11:39:59","date_gmt":"2020-06-19T11:39:59","guid":{"rendered":"http:\/\/icloud.pe\/blog\/?guid=51ac9c74b2b0df68a29eb83fbd2a3842"},"modified":"2020-06-19T11:39:59","modified_gmt":"2020-06-19T11:39:59","slug":"severe-cisco-webex-flaw-grants-hackers-access-to-meeting-data","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/severe-cisco-webex-flaw-grants-hackers-access-to-meeting-data\/","title":{"rendered":"\u2018Severe\u2019 Cisco WebEx flaw grants hackers access to meeting data"},"content":{"rendered":"<p><span class=\"field field-name-field-author field-type-node-reference field-label-hidden\"><br \/>\n      <span class=\"field-item even\"><a href=\"https:\/\/www.cloudpro.co.uk\/authors\/keumars-afifi-sabet\">Keumars Afifi-Sabet<\/a><\/span><br \/>\n  <\/span><\/p>\n<div class=\"field field-name-field-published-date field-type-datetime field-label-hidden\">\n<div class=\"field-items\">\n<div class=\"field-item even\"><span class=\"date-display-single\">19 Jun, 2020<\/span><\/div>\n<\/p><\/div>\n<\/div>\n<p class=\"short-teaser\">\n<a href=\"https:\/\/www.cloudpro.co.uk\/\" title=\"\" class=\"combined-link\"><\/a><\/p>\n<div class=\"field field-name-body\">\n<p><span data-cke-copybin-start=\"1\">\u200b<\/span>Cisco has patched a dangerous flaw that allows a hacker to access victims\u2019 accounts from another machine in order to see all meetings, individuals invited, meeting passwords and past meeting records.<\/p>\n<p>The shared memory information leakage vulnerability, found in the <a href=\"https:\/\/www.itpro.co.uk\/business-strategy\/collaboration\/354660\/cisco-webex-will-use-voice-tools-to-exploit-next-frontier-of\">Cisco WebEx Meetings<\/a> desktop app for Windows, allows an authenticated attacker to gain access to sensitive information either locally, or by running a <a href=\"https:\/\/www.itpro.co.uk\/malware\/28076\/what-is-malware\">malicious programme<\/a>.<\/p>\n<p>Assigned CVE-2020-3347, the 
exploitation is based on the unsafe usage of shared memory used by the <a href=\"https:\/\/www.itpro.co.uk\/video-conferencing\/34517\/how-to-choose-the-perfect-video-conferencing-kit\">video conferencing<\/a> platform\u2019s desktop client, <a href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/spiderlabs-blog\/cisco-webex-memory-for-the-taking-cve-2020-3347\/\">according to Trustwave researchers<\/a>, who discovered the flaw.<\/p>\n<p>Once the WebEx Meetings application is installed, it adds an application to the tray that starts up automatically once the user logs on. If the client is also configured to log on automatically, which is the default, it opens several memory-mapped files, some of which are not protected against being opened for reading and writing.<\/p>\n<p>An attacker with permissions to view system memory could exploit this vulnerability by running an application that\u2019s designed to read shared memory. The hacker can loop over sessions and try to open, read and save content for future examination.<\/p>\n<p>Successful exploitation could give the hacker the power to retrieve sensitive information through this mechanism, including usernames, meeting information and authentication tokens that can be used in future attacks.<\/p>\n<p>\u201cDue to the <a href=\"https:\/\/www.itpro.co.uk\/business-strategy\/digital-transformation\/355152\/it-pro-panel-coping-with-covid-19\">global pandemic of COVID-19<\/a>, there\u2019s been an explosion of video conferencing and messaging software usage to help people transition their work-life to a work from home environment,\u201d said Trustwave security research manager Martin Rakhmanov.<\/p>\n<p>\u201cVulnerabilities in this type of software now present an even greater risk to its users. 
Cisco WebEx is one of the <a href=\"https:\/\/www.itpro.co.uk\/software\/video-conferencing\/355187\/best-free-videoconferencing-software-zoom-vs-hangouts-vs-skype\">most popular video conferencing solutions<\/a> available, so I decided to turn my research skills to see how secure the platform is.<\/p>\n<p>\u201cIn an attack scenario, any malicious local user or malicious process running on a computer where WebEx Client for Windows is installed can monitor the memory-mapped file for a login token. Once found, the token, like any leaked credentials, can be transmitted somewhere so that it can be used to log in to the WebEx account in question, download Recordings, view\/edit Meetings, etc.\u201d<\/p>\n<p>Cisco has released a software update addressing this vulnerability, urging users to update their Cisco Webex Meetings software to version 40.6.0 or higher. The \u201crelatively severe\u201d flaw affected versions of the platform released earlier than this, with Rakhmanov testing the exploitation on version 40.4.12.8. 
<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>      Keumars Afifi-Sabet<\/p>\n<p>        19 Jun, 2020    <\/p>\n<p>      \u200bCisco has patched a dangerous flaw that allows a hacker to access victims\u2019 accounts from another machine in order to see all meetings, individuals invited, meeting passwords and past mee&#8230;<\/p>\n","protected":false},"author":433,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-41015","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41015","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/433"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=41015"}],"version-history":[{"count":1,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41015\/revisions"}],"predecessor-version":[{"id":41016,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41015\/revisions\/41016"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=41015"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=41015"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=41015"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}