Vulnerability in Cisco Webex cloud service exposed government authorities, companies

A vulnerability in Cisco Webex’s cloud service exposed sensitive information about past and future meetings for various organizations, including Germany’s Federal Office for Information Security, the Bundestag, and authorities in several European countries. Discovered by Netzbegrünung and reported by Eva Wolfangel, the flaw allowed unauthorized access to metadata through non-random meeting IDs, similar to a previously found issue in self-hosted Webex instances. This bug, which persisted for months or years, was exacerbated by an improperly configured mobile view, enabling easy metadata retrieval via a web browser. Cisco has since fixed the issue by late May 2024, addressing the security gap globally.

Vulnerability in Cisco Webex cloud service exposed government authorities, companies

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address

Vulnerability in Cisco Webex cloud service exposed government authorities, companies

05-June-24

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address