Thursday, February 6, 2025
HomeCVE/vulnerabilityCisco Webex Meetings for Windows Let Hackers Gain Access to Sensitive Data

Cisco Webex Meetings for Windows Let Hackers Gain Access to Sensitive Data

Published on

SIEM as a Service

Follow Us on Google News

A vulnerability with Cisco Webex Meetings Desktop App for Windows allows an authenticated local attacker to gain access for sensitive information on a vulnerable system.

The vulnerability can be tracked as CVE-2020-3347 and it is due to unsafe usage of shared memory used by the application.

According to Trustwave SpiderLabs Security who discovered the vulnerability, if a user configured the client to log in automatically, then the client has several memory-mapped files that are not protected from reading or writing.

“Malicious users can open and dump the contents of this file if they can logon to the machine. Simply put, another user can loop over sessions and try to open, read, and save interesting content for future inspection.”

The vulnerability can be exploited by an attacker who has access to the system memory, by running the application on the local system.

Successful exploitation of the vulnerability allows attackers to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens that could aid the attacker in future attacks.

Cisco Webex Meetings Desktop App for Windows releases earlier than 40.6.0 are affected with the vulnerability, now Cisco released patches, users are recommended to apply the updates.

“When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.”

The Cisco Product Security Incident Response Team stated that “they not aware of any malicious use of the vulnerability that is described in this advisory.”

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Also Read

Cisco Webex Flaw Let Unauthenticated Remote Attackers to Join Private Meetings Without Password

5 Bugs in Cisco SD-WAN Allows Attackers to Inject Arbitrary Commands With Root Privileges

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Authorities Arrested Hacker Who Compromised 40+ Organizations

Spanish authorities have arrested a hacker believed to be responsible for cyberattacks targeting over...

OpenAI Data Breach – Threat Actor Allegedly Claims 20 Million Logins for Sale

OpenAI may have become the latest high-profile target of a significant data breach.A...

Lumma Stealer Attacking Windows Users In India With Fake Captcha Pages

Cybersecurity experts are raising alarms over a new wave of attacks targeting Windows users...

Beware of Lazarus LinkedIn Recruiting Scam Targeting Org’s to Deliver Malware

A new wave of cyberattacks orchestrated by the North Korea-linked Lazarus Group has been...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

F5 BIG-IP SNMP Flaw Allows Attackers to Launch DoS Attacks

A recently disclosed vulnerability in F5's BIG-IP systems has raised alarm within the cybersecurity...

Cisco IOS SNMP Vulnerabilities Allow Attackers to Launch DoS Attacks”

Cisco has disclosed multiple vulnerabilities in its Simple Network Management Protocol (SNMP) subsystem affecting...

MobSF Framework Zero-Day Vulnerability Allows Attackers to Trigger DoS in Scan Results

A recently discovered zero-day vulnerability in the Mobile Security Framework (MobSF) has raised alarms...