430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Cisco fixed flaws in WebEx that allow ghost participants in meetings

Cisco has addressed three flaws in Webex Meetings that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants. Cisco has addressed three vulnerabilities in Webex Meetings (CVE-2020-3441, CVE-2020-3471, and CVE-2020-3419) that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants. “A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server […]

cisco webex coronavirus

Cisco has addressed three flaws in Webex Meetings that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants.

Cisco has addressed three vulnerabilities in Webex Meetings (CVE-2020-3441CVE-2020-3471, and CVE-2020-3419) that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants.

“A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list.” reads the security advisory published by Cisco.

The vulnerabilities were discovered earlier this year by security by IBM researchers as part of an assessment of the tools used by its personnel for remote working during the COVID-19 pandemic.

Ghost participants to a meeting could be seen in the user list, but they can access any media within the meeting, even if they were not invited.

The flaws also allowed attackers to remain in the Webex meeting as ghost audio users after admins would remove them, they also allowed them to access Webex users’ information, including full names, email addresses, and IP addresses.

The bugs affect Cisco Webex Meetings and Cisco Webex Meetings Server, they reside in the “handshake” process that allows establishing a new Webex meeting.

“Malicious actors could abuse these flaws to become a ‘ghost’ joining a meeting without being detected.” reads the report published by IBM. “The now-patched flaws, discovered by IBM researchers, would have allowed an attacker to:

  1. Join a Webex meeting as a ghost without being seen on the participant list with full access to audio, video, chat and screen-sharing capabilities.
  2. Stay in a Webex meeting as a ghost after being expelled from it, maintaining audio connection.
  3. Gain access to information on meeting attendees — including full names, email addresses and IP addresses — from the meeting room lobby, even without being admitted to the call.”

The experts were able to exploit the flaws on MacOS, Windows, and the iOS version of Meetings applications and Webex Room Kit appliance.

IBM experts also published a video PoC of the attack.

https://youtu.be/YNn59MnQsiE

“Once a host starts or unlocks a meeting, a ghost could slip in and join the meeting using the handshake manipulation, without ever showing up on any participant list, including the host’s participant list. The ghost could see and hear other participants, as well as view shared screens and chat without revealing their presence.” continues the report.

“With this technique, the only indication the participants would have that they may not be alone is the beep of a new audio connection. For especially large meetings, the host might disable the entry and exit tone, allowing the ghost to enter perfectly stealthily. In other instances, the ghost’s entry tone would play, but may go unnoticed by the host or other participants who aren’t counting and associating each tone with a specific participant.”

Cisco has patched cloud-based Cisco Webex Meetings sites and released security updates for on-premises software to address the flaws.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Cisco)

[adrotate banner=”5″]

[adrotate banner=”13″]