As part of our ongoing effort to keep our clients informed about the latest cybersecurity threats, we issue advisories whenever new threats are detected. If you would like to receive such advisories in the future, update your preferences here.
This week, there is a new alert that requires attention.
A vulnerability recently was reported in the Cisco WebEx Meetings desktop application for Windows. The vulnerability, which applies to releases earlier than versions 40.4.12 and 40.6.0, could allow an attacker to gain access to sensitive information, such as usernames and authentication tokens, that could be leveraged to conduct future attacks.
The vulnerability exists due to unsafe use of shared memory by the WebEx application. An attacker is able to view system memory and then exploit the vulnerability via an application on the local system that can view shared memory.
Why Is This Noteworthy?
During the current COVID-19 pandemic, the number of Cisco WebEx users has increased dramatically due to work-from-home policies that have been enacted by companies worldwide.
What Is the Exposure/Risk?
The Cisco WebEx vulnerability can enable a malicious attacker to log into a victim’s WebEx account. This in turn would enable the attacker to log into meetings and gain access to meeting information, and even move across the organization to collect even more sensitive information.
What Are the Recommendations?
It is recommended that users patch the Cisco WebEx application to address this vulnerability. Version 40.6.0 and later will resolve this vulnerability.
If you are looking for guidance, please reach out. MCP offers a comprehensive cybersecurity solutions suite that is designed specifically for public safety entities and other critical-infrastructure organizations, to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. Contact us today to learn more.