Tuesday, October 27, 18:40
Cisco fixes serious bugs in the Webex Meetings Desktop App

Cisco released security updates today to address two high-risk vulnerabilities in the Cisco Webex Meetings Desktop App for Windows and macOS that could allow attackers to run programs and code on vulnerable devices.

Cisco Webex Meetings is online meeting and conference call software that facilitates scheduling and attending meetings. The platform also provides presentation, screen sharing and recording capabilities.

The two vulnerabilities are tracked as CVE-2020-3263 and CVE-2020-3342. They affect Cisco Webex Meetings Desktop App releases earlier than 39.5.12 and Cisco Webex Meetings Desktop App for Mac releases earlier than 39.5.11.

Remote program execution on Windows systems

The arbitrary program execution flaw affecting the Windows client is caused by improper validation of the URLs supplied to the Cisco Webex Meetings Desktop App.

CVE-2020-3263 could allow remote intruders without authentication to run programs on systems running an unpatched version of the Cisco Webex Meetings Desktop App. An intruder can exploit this vulnerability by tricking the target into clicking a malicious URL.

"A successful exploitation could allow the attacker to trigger the application's execution of other programs that already exist on the system," says Cisco.

"If there are malicious files on the system, the attacker could execute arbitrary code on the affected system."

Remote arbitrary code execution on Mac

The remote code execution vulnerability found in the macOS client is due to improper validation of certificates on software update files downloaded by the affected versions of the Cisco Webex Meetings Desktop App for Mac.

CVE-2020-3342 could allow unauthorized intruders to remotely execute arbitrary code with the privileges of the user logged in to a Mac running an unpatched version of the Cisco Webex Meetings Desktop App.

"An attacker could exploit this vulnerability by persuading a user to go to a site that displays files to the client that are similar to files displayed on a valid Webex website," Cisco explains.

"The client may fail to properly validate the cryptographic protection methods of the files provided before executing them as part of an update."

Solution

Although there are no known workarounds for these two vulnerabilities, Cisco has released free software updates that fix the flaws.

The Cisco Product Security Incident Response Team (PSIRT) has not yet identified any malicious use of these vulnerabilities.

Cisco corrected CVE-2020-3263 in Cisco Webex Meetings Desktop App version 40.1.0 and later.

CVE-2020-3342 was fixed in version 39.5.11 and later of the Cisco Webex Meetings Desktop App for Mac.

Windows and macOS users can update the Cisco Webex Meetings Desktop App by following the instructions in the Cisco Webex Meetings Desktop App Help Center article.

Administrators can update both applications for the entire user base by following the detailed instructions in the guide from Webex.
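
A fleet triage sketch for the update step above, added here as an example and not taken from Cisco or from the original article: it classifies hosts against the version thresholds the article states. The inventory rows, the CSV column names and the `review` status are assumptions; `review` marks Windows builds that fall between the stated affected boundary (39.5.12) and the stated fixed release (40.1.0).

```python
import csv
import io

# Releases earlier than these are affected, per the article.
AFFECTED_BELOW = {"windows": (39, 5, 12), "macos": (39, 5, 11)}
# Releases at or above these carry the fix, per the article.
FIXED_FROM = {"windows": (40, 1, 0), "macos": (39, 5, 11)}
CVE = {"windows": "CVE-2020-3263", "macos": "CVE-2020-3342"}

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,os,webex_version
ws-001,windows,39.5.10
ws-002,windows,40.1.0.35
ws-003,windows,39.5.12
mac-001,macos,39.5.9
mac-002,macos,39.5.11
mac-003,macos,unknown
"""

def parse_version(text):
    """Return the first three numeric components as a tuple, or None."""
    parts = text.strip().split(".")[:3]
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(os_name, version_text):
    """Return 'vulnerable', 'patched', 'review' or 'unknown' for one install."""
    os_key = os_name.strip().lower()
    version = parse_version(version_text)
    if os_key not in AFFECTED_BELOW or version is None:
        return "unknown"  # unrecognised platform or unparseable version
    if version < AFFECTED_BELOW[os_key]:
        return "vulnerable"
    if version >= FIXED_FROM[os_key]:
        return "patched"
    return "review"  # between the affected boundary and the fixed release

def triage(inventory_csv):
    """Return (host, cve, version, status) for every inventory row."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        cve = CVE.get(row["os"].strip().lower(), "-")
        status = classify(row["os"], row["webex_version"])
        findings.append((row["host"], cve, row["webex_version"], status))
    return findings

if __name__ == "__main__":
    for host, cve, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:8} {cve:14} {version:10} {status}")
```

Hosts reported as `unknown` or `review` need a manual version check rather than being assumed safe.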

Teo Ehc