[Updated] New bug could let hacker infiltrate in any password-protected Cisco Webex meeting

This story is being continuously updated…. New updates are being added at the bottom…..

Original story (from Jan 27) follows:

Imagine a scenario about a high profile corporate meeting where the top head honchos from all over the world are discussing the next financial strategies of a global enterprise.

Though the high-profile meeting is secured with robust protection methods like password, a hacker manages to peep in without actually knowing the password? Even though the scenario sounds like a clip from a shady b-grade movie, a newly found vulnerability made it possible.

The Vulnerability

Cisco’s highly secured video conferencing platform Webex, which is highly adored by many top-line enterprises around the world, is riddled with a savage vulnerability. Through a security advisory, Cisco has just admitted about the existence of the vulnerability.

The company has explained in the advisory that the flaw could let any infiltrator snoop into any Cisco Webex meeting without inputting the required meeting password or knowing the meeting URL.

However, the hacker would only be successful if the hacker attempt to achieve it exclusively through a mobile device. The bug existed both in Android and iOS version of the Web mobile application.

How may it happen?

• Cisco explained the vulnerability could have been exploited only via the Webex mobile application via the browsers of both Android or iPhone devices.
• Once a hacker launched the Webex Mobile app, the flaw could help the hacker to join the meeting.
• “The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee,” Cisco explained.

Victims of the Vulnerability

Cisco has confirmed that this vulnerability affected only the Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites releases earlier than 39.11.5 and 40.1.3. Other Cisco Webex product owners have nothing to worry about this colossal vulnerability.

The affected

Cisco has confirmed that this bug hasn’t damaged any of their clients’ network. Cisco has confirmed it fixed this vulnerability in page versions 39.11.5 and later and 40.1.3 and later for Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites.

Some minor tweaks have been done in the story based on the inputs from a Cisco representative.

Written by- Anirban Roy

PiunikaWeb started as purely an investigative tech journalism website with main focus on ‘breaking’ or ‘exclusive’ news. In no time, our stories got picked up by the likes of Forbes, Foxnews, Gizmodo, TechCrunch, Engadget, The Verge, Macrumors, and many others. Want to know more about us? Head here.