A flaw in the shared memory access of Cisco Webex meetings App for Desktop was reported as medium vulnerability as CVE-2020-3347. This was classified as medium by the networking giant Cisco, as only authenticated users can take the leverage of this flaw. Basically, allowed an attacker who already had authenticated access on a system in order to access and retrieve the information from the shared location.
Cisco Webex Meetings is a video conferencing and online meeting software for scheduling and joining meetings, with support for presentations, screen sharing, and recording.
This vulnerability was reported by Trustwave SpiderLabs Security Research Manager Martin Rakhmanov in April to Cisco. Sensitive information regarding meetings and other users’ credentials and tokens can be obtained using this flaw.
Rakhmanov has found that the improperly secured trace files contain e-mail accounts to log in, the URL used to host meetings, as well as the WebExAccessToken, information that can be used by attackers “to impersonate the user and get access to the WebEx account”. This shared memory access is vulnerbale in Windows OS as it is used for exchanging information with Cisco Webex meetings.
Karl Sigler, senior security research manager at Trustwave’s SpiderLabs, says an attacker would not necessarily need to be logged in to a machine directly to take advantage of the Webex flaw. “They could craft malware that when implanted on the victim’s system could constantly monitor for Webex tokens,” he says. “That would give the attacker access to upcoming meetings, past meetings, and any existing meeting recordings. All of this could leak confidential information to an attacker.”
Cisco Webex Meetings Desktop App for Windows releases earlier than 40.6.0
Yet, there are no workarounds that address this vulnerability.
References & Sources: