Recently, a new vulnerability was discovered by the security experts at Cisco that allows hackers to obtain sensitive information on a vulnerable system.
Cisco Webex Meetings is a video conferencing app that allows us to schedule and participate in the meetings virtually; While Cisco Webex Meetings also supports presentations, recording, and screen sharing as well.
On April 23, the manager of Trustwave SpiderLabs security research, Martin Rakhmanov reported that the vulnerability that has been tracked by Cisco is named as CVE-2020-3347, and this flaw attacks the Cisco Webex Meetings Desktop App for Windows.
The vulnerability has occurred due to the unsafe practice of shared memory that is operated by the affected software. That’s why the threat actors with permissions to view system memory could misuse this vulnerability by operating an application on the local system created to recite all shared memory.
By exploiting this security flaw any hacker can easily get access to the sensitive information like:-
- E-mail account used as a login
- URL used to host meetings
According to the report of Cisco Webex, the vulnerability CVE-2020-3347 has affected many products, and to make more clear, they have also classified them in their brief report.
This new security flaw targeted the Cisco Webex Meetings Desktop App available for Windows releases earlier than 40.6.0. Rather than the Windows desktop app, there is no other affected product that this new vulnerability has targeted.
Cisco always recommends its customers that they should always consult with them while updating their software.
Moreover, they also suggest the users regarding the Cisco products that are accessible from the Cisco Security Advisories and Alerts page to fix the security flaw with an impeccable upgrade solution.
Every customer should ensure that the upgraded devices must hold adequate memory and verify that the current hardware and software configurations will proceed to be maintained suitably by the new update.
If the customers get any problem with the information, then they should contact them via the Cisco Technical Assistance Center (TAC).
Apart from this, Cisco Webex investigating the vulnerability and the whole matter once again to find and fix if any other clue or any different vulnerability still remains. They are also reviewing the product line to detect if any other product got affected or not.
The security experts have also detected a privilege escalation bug in the update service of the Cisco Webex Meetings Desktop App for Windows that could have allowed any attackers to get advanced privileges to perform the arbitrary commands with the SYSTEM rights.