Cisco Patches Up Vulnerability in Webex That Risked Meeting Data


The Webex vulnerability discovered by a security researcher at Trustwave SpiderLabs, which could have allowed threat actors to steal sensitive information such as the meeting host URL, usernames and authentication tokens, has now been addressed.

Cisco recently published details of a vulnerability that exposed sensitive information to authenticated attackers on the Webex collaboration and communication platform. By exploiting the CVE-2020-3347 vulnerability, an attacker could gain access to information such as usernames, meeting information, or authentication tokens.

CVE-2020-3347 has a CVSS score of 5.5, which puts it under ‘Medium’ severity. Nevertheless, we recommend that users upgrade their Webex desktop client to version 40.6.0, in which the vulnerability has been patched. All versions of Cisco Webex for Windows prior to v40.6.0 are affected by this vulnerability. The Webex applications for macOS, Android and iOS are not affected.
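As an added check that is not from the article or from Cisco, the following PowerShell script audits a Windows host for installed Webex desktop app entries that are below the fixed 40.6.0 release. It assumes the app registers under the standard Uninstall registry keys (per-machine, WOW6432Node and per-user) with a DisplayName containing "Webex" and a parseable DisplayVersion.

```powershell
# Added example (not from the article or Cisco): report Webex desktop app
# installs below the fixed release 40.6.0 for CVE-2020-3347.
# Assumption: the app appears under the standard Uninstall keys with a
# DisplayName containing "Webex" and a DisplayVersion that [version] can parse.
$FixedVersion = [version]'40.6.0'

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-WebexVersion {
    param([string]$DisplayVersion)
    # $true  -> installed build is at or above 40.6.0 (patched)
    # $false -> installed build is older than 40.6.0 (affected)
    # $null  -> version string could not be parsed; verify manually
    $parsed = $null
    if ([version]::TryParse($DisplayVersion, [ref]$parsed)) {
        return ($parsed -ge $FixedVersion)
    }
    return $null
}

$results = foreach ($entry in (Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue)) {
    if ($entry.DisplayName -like '*Webex*') {
        $patched = Test-WebexVersion -DisplayVersion $entry.DisplayVersion
        $status = if ($patched -eq $true) {
            'Patched (>= 40.6.0)'
        } elseif ($patched -eq $false) {
            'AFFECTED by CVE-2020-3347 - upgrade to 40.6.0 or later'
        } else {
            'Version not parsed - verify manually'
        }
        [pscustomobject]@{
            Name    = $entry.DisplayName
            Version = $entry.DisplayVersion
            Status  = $status
        }
    }
}

if ($results) {
    $results | Format-Table -AutoSize
} else {
    Write-Output 'No Webex desktop app entries found under the Uninstall registry keys.'
}
```

Run it in an elevated session to cover per-machine installs; per-user installs under HKCU are only visible for the account running the script.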

Cisco explains in its advisory that the vulnerability stems from the use of a shared memory space within the Windows environment, a space that other applications can also access. The advisory states, “Cisco Webex Meetings Desktop App uses shared memory to exchange information with the Windows operating system and other applications. The software may store sensitive information—such as usernames, meeting information, and authentication tokens—in this shared memory space.”


Any malicious actor with access to that shared memory, which makes this a local attack, could obtain the sensitive information stored by the Webex desktop client by running a process that monitors the unprotected memory-mapped files.

Martin Rakhmanov, Security Research Manager at Trustwave SpiderLabs, initially reported the vulnerability on April 23. He cited the popularity of Cisco Webex and the “explosion of video conferencing and messaging software usage” due to COVID-19 as the reason he started his research to “see how secure the platform is”.

Rakhmanov explained that an attacker could impersonate the victim by logging in and hosting meetings with the victim's credentials and meeting host URL, both recovered from a session captured through the unprotected memory-mapped files. The captured session is shown below:

[Captured session: image not reproduced]
He presented a proof of concept and worked with Cisco to get the vulnerability patched.

Proof of concept: [image not reproduced]
Rakhmanov summarized: “In an attack scenario, any malicious local user or malicious process running on a computer where WebEx Client for Windows is installed can monitor the memory mapped file for a login token. Once found, the token, like any leaked credentials, can be transmitted somewhere so that it can be used to login to the WebEx account in question, download Recordings, view/edit Meetings, etc.”
