As part of our ongoing effort to keep our clients informed about the latest cybersecurity threats, we issue advisories whenever new threats are detected. If you would like to receive such advisories in the future, update your preferences here

This week, there is a new alert that requires attention.

Advisory Overview

A vulnerability recently was reported in the Cisco WebEx Meetings desktop application for Windows. The vulnerability, which applies to releases earlier than versions 40.4.12 and 40.6.0, could allow an attacker to gain access to sensitive information, such as usernames and authentication tokens, that could be leveraged to conduct future attacks.

The vulnerability exists due to unsafe use of shared memory by the WebEx application. An attacker is able to view system memory and then exploit the vulnerability via an application on the local system that can view shared memory.

Why Is This Noteworthy?

During the current COVID-19 pandemic, the number of Cisco WebEx users has increased dramatically due to work-from-home policies that have been enacted by companies worldwide. 

What Is the Exposure/Risk?

The Cisco WebEx vulnerability can enable a malicious attacker to log into a victim’s WebEx account. This in turn would enable the attacker to log into meetings and gain access to meeting information, and even move across the organization to collect even more sensitive information.

What Are the Recommendations?

It is recommended that users patch the Cisco WebEx application to address this vulnerability. Version 40.6.0 and later will resolve this vulnerability.

If you are looking for guidance, please reach out. MCP offers a comprehensive cybersecurity solutions suite that is designed specifically for public safety entities and other critical-infrastructure organizations, to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. Contact us today to learn more.

Don't forget to share this post!

Mike Beagles
Mike Beagles
Mike has specialized experience with supporting public safety agencies by providing technical expertise, strategic planning and general consulting for new and innovative mission critical technologies as well as legacy solutions. Throughout his long-standing career, he has worked as a technical service manager and network engineer for several public safety software companies, as well as an IT manager with a mid-tier public safety 911/ CAD/RMS/Mobile software provider. His expertise runs deep in team and project management for large and small projects, which he has done for more than 12 years.

Related posts

Public Safety Technology Cybersecurity Network Management IT and Network Support

Cybersecurity Threat Advisory: Fortinet and Microsoft Exchange Vulnerability Exploits

December 2, 2021
Mike Beagles
Cybersecurity

Cybersecurity Threat Advisory: Office 365 Zero-Day Attacks

September 14, 2021
Mike Beagles
Cybersecurity

Cybersecurity Threat Advisory: 'PrintNightmare' Zero-Day Vulnerability in Windows Print Spooler

July 13, 2021
Mike Beagles