Trustwave SpiderLabs discovered a Cisco Webex memory vulnerability that could enable an attacker to gain access to sensitive information such as authentication tokens.
The vulnerability, assigned CVE-2020-3347 in the disclosure, was discovered by Martin Rakhmanov, security research manager at Trustwave SpiderLabs. It affects all versions of Cisco Webex through 40.6. Rakhmanov released an advisory Thursday on the vulnerability and mitigation.
Cisco worked on an escalated schedule to get the patch out because they knew the severity of the flaw, Trustwave senior threat intelligence manager Karl Sigler said.
Inspired by a surge in video conferencing, Trustwave SpiderLabs researchers decided to look at Webex, one of the most popular video and messaging tools on the market, according to Sigler.
“The main problem with this vulnerability is that there is a feature in how Cisco Webex works in which very confidential, very sensitive information is stored in memory in an unprotected state, so any normal user, guest user, regular user account would have access to be able to dump that sensitive information,” Sigler said. “That would allow them to listen in on Webex meetings, past Webex meetings and basically impersonate the person whose information they stole out of memory.”
Cisco Webex is a popular product, especially among enterprise organizations, Sigler said. However, to take advantage of this vulnerability, the victim’s system would need to have an active Webex account, specifically on Windows; the vulnerability does not affect Webex for MacOS, iOS and Android.
The victim in this case would need to have an active Webex account and active Webex software for an attack to be successful.
“The attacker would need to have access to that system in some form or fashion, such as logging in through a remote session and already have a presence on the system,” Sigler said. “It could also be that they are pushing malware out as sort of their proxy, so an attacker could very easily write malware that is specialized for this purpose. And if they can trick the victim into installing the malware, the malware could just sit on the system indefinitely, just monitoring memory for those Webex tokens and just sending them back to the attacker, just exfiltrating that information to the attacker.”
From there, malicious users could access new meetings and recordings and obtain confidential information.
Trustwave disclosed the vulnerability to Cisco on April 23; a patch was released Wednesday, and Trustwave and Cisco recommend updating Webex clients to version 40.6. Trustwave said there are no indications the Webex vulnerability has been exploited in the wild.
No matter which video conferencing software organizations use, Sigler said there are steps to take to improve security, such as setting passwords for individual meetings.
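The practical follow-up to the patch advice above is confirming which Windows clients in an estate are still below the recommended release. The following is an added example, not code from the article, Trustwave or Cisco: it takes a constructed inventory of hosts, platforms and Webex client versions, and flags the Windows hosts whose version is lower than 40.6.0. It assumes (as the article's update recommendation implies) that 40.6 is the release to be on, that version strings are dotted integers, and that only the Windows client is in scope; the host names and versions are constructed sample data.

```python
"""Triage a Webex client inventory against the recommended 40.6 release.

Added example; not the article's or the vendor's code. Inventory data is
constructed. Assumptions: 40.6.0 is the release to be on, and only the
Windows client is affected (the article states macOS, iOS and Android are not).
"""
from typing import Dict, List, Tuple

# Assumption: the first release that is not affected, per the article's advice.
RECOMMENDED_VERSION: Tuple[int, ...] = (40, 6, 0)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '40.4.12.8' into (40, 4, 12, 8); pad short strings so '40.6' == (40, 6, 0)."""
    parts: List[int] = []
    for piece in text.strip().split("."):
        if not piece.isdigit():
            raise ValueError(f"non-numeric component in version {text!r}")
        parts.append(int(piece))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def needs_update(version: str, platform: str) -> bool:
    """True when a Windows client is below the recommended release.

    Tuple comparison is element-wise, so a four-part build such as 40.6.0.12
    compares greater than (40, 6, 0) and is correctly left alone.
    """
    if platform.strip().lower() != "windows":
        return False  # article: macOS, iOS and Android clients are not affected
    return parse_version(version) < RECOMMENDED_VERSION


# Constructed inventory; host names and versions are sample data only.
INVENTORY: List[Dict[str, str]] = [
    {"host": "ws-finance-01", "platform": "Windows", "version": "40.4.12.8"},
    {"host": "ws-eng-03", "platform": "Windows", "version": "40.6.0"},
    {"host": "mbp-sales-02", "platform": "macOS", "version": "40.4.0"},
    {"host": "ws-hr-07", "platform": "Windows", "version": "39.11.5"},
    {"host": "ws-ops-12", "platform": "Windows", "version": "40.6.2"},
]


def triage(inventory: List[Dict[str, str]]) -> List[str]:
    """Return the host names that still need the Webex update, in inventory order."""
    return [
        entry["host"]
        for entry in inventory
        if needs_update(entry["version"], entry["platform"])
    ]


if __name__ == "__main__":
    for host in triage(INVENTORY):
        print(f"{host}: Webex client below {'.'.join(map(str, RECOMMENDED_VERSION))}, update required")
```

Feeding this a real export from an endpoint management tool means only swapping in the version field that tool reports; the comparison itself deliberately avoids string comparison, since "40.10" sorts before "40.6" as text but is the newer build.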
“I think that organizations that do their own due diligence to look at previous vulnerabilities, figure out how infrastructure works, how their employees are laid out — whether they are scattered remotely or located in a single location — all of those things go into decision-making for which conferencing software to use, as long as organizations have a process to quickly deploy patches and make sure users are up to date on the most current version and to make sure their users are aware of social engineering attacks that are current right now,” Sigler said.