Thursday, April 17, 2025

Cisco Webex Meeting: Windows User Sensitive Data at Risk

While scrolling the news, I found that the Cisco Webex Meetings app for Windows has a vulnerability that allows an authenticated local attacker to gain access to sensitive information on a vulnerable system.

The vulnerability is tracked as CVE-2020-3347, and it is caused by unsafe usage of shared memory by the Cisco Webex app.

According to the report from Trustwave SpiderLabs, which discovered the vulnerability, once a user has configured the client, it has several memory-mapped files that are not protected from reading or writing.

“A malicious user can open and dump the content of the file if they log in to the machine. Simply put, another user can loop over all the sessions and try to open, read and save interesting content for future disturbance.”

“The vulnerability can be exploited by an attacker who has access to the system memory, and this happens by running an application on the local system.”

If exploitation of the vulnerability succeeds, it allows the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens that could help the attacker in future attacks.

Cisco Webex Meetings Desktop App for Windows releases earlier than 40.6.0 are affected by the vulnerability. Cisco has now released patches and recommends that users update the Cisco Webex application.

“After considering the software upgrades, customers are also advised to regularly consult the advisories for Cisco products, which are available from the Cisco security advisories and alert page, to determine the exposure and a complete upgrade solution.”

The Cisco Product Security Incident Response Team said that “they are not aware of any malicious use of the vulnerability that is mentioned by the advisory”.
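One way a defender could audit a shared-memory object for the "not protected from reading or writing" condition described above, as an added example that is not code from Trustwave, Cisco or this article. It assumes the protection is expressed as a Windows DACL exported in SDDL form (the article does not say how the files are left unprotected); the function names, the sample SDDL strings and the SID in the test data are constructed.

```python
import re

# Access bits for section (file-mapping) objects, from winnt.h.
SECTION_MAP_WRITE, SECTION_MAP_READ = 0x0002, 0x0004
GENERIC_READ, GENERIC_WRITE, GENERIC_ALL = 0x80000000, 0x40000000, 0x10000000
READ_BITS = SECTION_MAP_READ | GENERIC_READ | GENERIC_ALL
WRITE_BITS = SECTION_MAP_WRITE | GENERIC_WRITE | GENERIC_ALL

# SDDL right abbreviations that map onto those bits (DC = 0x2, LC = 0x4).
# Other abbreviations are ignored by this sketch; hex masks are fully handled.
RIGHTS = {"GA": GENERIC_ALL, "GR": GENERIC_READ, "GW": GENERIC_WRITE,
          "DC": SECTION_MAP_WRITE, "LC": SECTION_MAP_READ}
# Trustees that cover every (or nearly every) local account.
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone", "AU": "Authenticated Users",
         "BU": "Users", "IU": "Interactive", "AN": "Anonymous"}


def parse_mask(rights):
    """Turn an SDDL rights field (hex mask or two-letter codes) into a bitmask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RIGHTS.get(rights[i:i + 2], 0)
    return mask


def audit_section_sddl(sddl):
    """List broad principals that an allow ACE lets read or write the mapping."""
    dacl = re.search(r"D:([A-Z_]*)((?:\([^)]*\))*)", sddl)
    if dacl is None or dacl.group(1) == "NO_ACCESS_CONTROL":
        return ["NULL DACL: any local user can read and write"]
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(2)):
        ace_type, _flags, rights, _obj, _inh, trustee = ace.split(";")[:6]
        if ace_type != "A" or trustee not in BROAD:
            continue  # deny ACEs are not evaluated, so results err toward reporting
        mask = parse_mask(rights)
        access = [name for name, bits in (("read", READ_BITS), ("write", WRITE_BITS))
                  if mask & bits]
        if access:
            findings.append(f"{BROAD[trustee]}: {'+'.join(access)}")
    return findings
```

An empty result means no broad principal was granted read or write; a mapping that carries tokens or meeting data should grant access only to SYSTEM and the owning user's SID.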


Bipin Choudhary (https://vednam.com)
Bipin has been a passionate blogger for several years. He is a Cyber Security Enthusiast, Security Blogger, Technical Writer. He is always eager to know everything about the latest technology development and advancement. Author @ Vednam
