MCP Insights

Public Safety Cybersecurity Threat Advisory: Cisco WebEx Vulnerability

Posted on June 30, 2020 by Mike Beagles

As part of our ongoing effort to keep our clients informed about the latest cybersecurity threats, we issue advisories whenever new threats are detected. If you would like to receive such advisories in the future, update your preferences here

This week, there is a new alert that requires attention.

Advisory Overview

A vulnerability recently was reported in the Cisco WebEx Meetings desktop application for Windows. The vulnerability, which applies to releases earlier than versions 40.4.12 and 40.6.0, could allow an attacker to gain access to sensitive information, such as usernames and authentication tokens, that could be leveraged to conduct future attacks.

The vulnerability exists due to unsafe use of shared memory by the WebEx application. An attacker is able to view system memory and then exploit the vulnerability via an application on the local system that can view shared memory.

Why Is This Noteworthy?

During the current COVID-19 pandemic, the number of Cisco WebEx users has increased dramatically due to work-from-home policies that have been enacted by companies worldwide. 

What Is the Exposure/Risk?

The Cisco WebEx vulnerability can enable a malicious attacker to log into a victim’s WebEx account. This in turn would enable the attacker to log into meetings and gain access to meeting information, and even move across the organization to collect even more sensitive information.

What Are the Recommendations?

It is recommended that users patch the Cisco WebEx application to address this vulnerability. Version 40.6.0 and later will resolve this vulnerability.

If you are looking for guidance, please reach out. MCP offers a comprehensive cybersecurity solutions suite that is designed specifically for public safety entities and other critical-infrastructure organizations, to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. Contact us today to learn more.

Topics: Public Safety Technology, Cybersecurity, Network Management, IT and Network Support, Utilities, Law Enforcement, Criminal Justice, 911 and Emergency Communications Centers, Fire and EMS

    Subscribe to Newsletter

    Icon

    Let's Talk

    How can we support your mission? From design and procurement to building and management, our national team of experts is here to help…because the mission matters.

    Get In Touch

    Mission Critical Partners

    A: 690 Grays Woods Blvd., Port Matilda, PA 16870
    P: 888.862.7911

    twitter-x-footer facebook_icon linkedin_icon

    Newsletter

    Click the button below to sign up for our newsletter.

    SIGN UP
    Navigation

    ©2024 All Rights Reserved

    NENA 911   APCO International   iCERT

    Privacy Policy  |  Terms & Conditions