Rewterz Threat Alert – TrickBot Steals Windows Active Directory Credentials
January 24, 2020Rewterz Threat Alert – GoMiner Mutates and Spreads via Public Cloud Storage Providers
January 27, 2020Rewterz Threat Alert – TrickBot Steals Windows Active Directory Credentials
January 24, 2020Rewterz Threat Alert – GoMiner Mutates and Spreads via Public Cloud Storage Providers
January 27, 2020Severity
High
Analysis Summary
The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee.
Impact
Allow an unauthenticated, remote attendee to join a password protected meeting
Affected Vendors
Cisco
Affected Products
Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites releases earlier than 39.11.5 and 40.1.3
Remediation
Please see vendor’s advisory for the list of updated patches.