Cisco recently addressed vulnerabilities that were used to compromise the German government’s Webex meetings. In early May, it was revealed that threat actors had exploited vulnerabilities in the German government’s implementation of Cisco Webex software. This came after a previous incident in March in which Russian-linked actors hacked into a military meeting discussing military support for Ukraine. Cisco identified errors in Cisco Webex Meetings that were being exploited to allow unauthorized access to meeting information and metadata for certain customers hosted in its Frankfurt data center. Experts believe that threat actors exploited an insecure direct object reference (IDOR) vulnerability to access internal Webex meetings, allowing them to spy on sensitive information. It was also discovered that the meeting rooms of some high-ranking officials were not password protected, further compromising security.
Cisco has confirmed that the vulnerability has been fixed and that the fix was fully deployed worldwide as of May 28, 2024. The company has notified customers who were affected by attempts to access meeting information and metadata, and it has not observed any further exploitation since the fix was implemented. Cisco is continuing to investigate the incident and monitor for any unauthorized activity, and will provide updates through its regular channels as necessary.
Overall, this incident highlights the importance of addressing vulnerabilities promptly to prevent unauthorized access to sensitive information. The German government’s use of a local version of Webex did not protect it from exploitation, emphasizing the need for robust security measures in all implementations of software. Cisco’s response to the incident demonstrates its commitment to resolving security issues and protecting its customers from potential threats. As the investigation continues, it will be important for all parties involved to remain vigilant and proactive in addressing any potential security risks.
Article Source
https://securityaffairs.com/164173/breaking-news/cisco-webex-flaws-german-government-meetings.html?amp