New Cisco Webex vulnerability exposes authentication tokens

Trustwave SpiderLabs discovered a Cisco Webex memory vulnerability that could allow an attacker to gain access to sensitive information such as authentication tokens.

The vulnerability, assigned CVE-2020-3347 in the disclosure, was discovered by Martin Rakhmanov, security research manager at Trustwave SpiderLabs. It affects all versions of Cisco Webex through 40.6. Rakhmanov released an advisory Thursday on the vulnerability and its mitigation.

Cisco worked on an escalated schedule to get the patch out because it knew the severity of the flaw, Trustwave senior threat intelligence manager Karl Sigler said.

Prompted by a surge in video conferencing, Trustwave SpiderLabs researchers decided to examine Webex, one of the most popular video and messaging tools on the market, according to Sigler.

“The main concern with this vulnerability is that there is a function in how Cisco Webex operates where very private, very sensitive information is stored in memory in an unprotected state, so any basic user, guest user, regular user account would have access to be able to dump that sensitive information,” Sigler said. “That would allow them to listen in on Webex meetings, past Webex meetings and essentially impersonate the person whose information they stole out of memory.”

Cisco Webex is a popular product, particularly among enterprise organizations, Sigler said. However, to take advantage of this vulnerability, the victim’s system would have to have an active Webex account, specifically on Windows; the vulnerability does not affect Webex for macOS, iOS and Android.

The victim in this scenario would have to have an active Webex account and a running Webex application for an attack to be successful.

“The attacker would need to have access to that system in some shape or fashion, such as logging in via a remote session, and already have a presence on the system,” Sigler said. “It could also be that they are pushing malware out as kind of their proxy, so an attacker could very easily develop malware that is specialized for this purpose. And if they can trick the victim into installing the malware, the malware could just sit on the system indefinitely, just checking memory for those Webex tokens and just sending them back to the attacker, just exfiltrating that information to the attacker.”

From there, malicious users could access new meetings and recordings and obtain private information.

Trustwave disclosed the vulnerability to Cisco on April 23; a patch was released Wednesday, and Trustwave and Cisco recommend updating Webex clients to version 40.6. Trustwave said there are no indications the Webex vulnerability has been exploited in the wild.

No matter which video conferencing system organizations use, Sigler said there are steps they can take to improve security, such as setting passwords for individual meetings.

“I think that organizations that do their own due diligence to look at previous vulnerabilities, figure out how infrastructure works, how their employees are laid out — whether they are scattered remotely or located in a single location — all of those things go into decision-making for which conferencing application to use, as long as organizations have a system to quickly deploy patches and ensure users are updated to the most current version and to ensure their users are aware of social engineering attacks that are current right now,” Sigler said.