Cisco yesterday fixed three bugs in Webex Meetings that could allow hackers to participate in meetings without the knowledge of the participants. Cisco Webex is online software for meetings and teleconferencing, which gives users, among other things, the ability to make presentations, share their screen and record a conversation.
Use of Cisco's remote meeting platform increased by 451% in just four months, in view of the new conditions created by the global COVID-19 pandemic. It is noteworthy that about 4 million meetings are held through Cisco's platform on a daily basis, with over 320,000,000 users.
Cybercriminals exploiting these bugs could become "ghost" users, participating in an interactive meeting without being noticed. In other words, unauthorized users can join a meeting without appearing on the user list and without being invited to attend. However, they can listen, speak and communicate whatever they want.
The three bugs could also allow attackers to stay in the Webex meeting and maintain a two-way audio connection even after administrators have removed them, as well as gain access to Webex users' information, such as email addresses and IP addresses, from the meeting room lobby. The bugs were found in Cisco Webex Meetings and Cisco Webex Meetings Server.
According to BleepingComputer, if hackers succeed in exploiting these bugs, they could do the following:
- Participate in a Webex meeting without appearing on the list of participants, having full access to audio, video, chat and screen sharing capabilities (CVE-2020-3419)
- Stay in a Webex meeting as ghosts, maintaining the audio connection (CVE-2020-3471)
- Obtain information about participants, including full names, email addresses and IP addresses, from the meeting room lobby, even without being accepted into the call (CVE-2020-3441)
Cisco fixed the bugs by patching cloud-based Cisco Webex Meetings sites and releasing security updates for on-premises software, such as the Cisco Webex Meetings mobile application and the Cisco Webex Meetings Server software.
Finally, users are advised to download the latest version of Webex immediately to protect themselves from hackers. IBM's research team has also made a video demo that provides vulnerability information as well as tips on what Webex Meetings users can do to prevent potential attacks.