Vulnerability in Cisco Webex cloud service exposed government authorities, companies

05-June-24

A vulnerability in Cisco Webex’s cloud service exposed sensitive information about past and future meetings for various organizations, including Germany’s Federal Office for Information Security, the Bundestag, and authorities in several European countries. Discovered by Netzbegrünung and reported by Eva Wolfangel, the flaw allowed unauthorized access to metadata through non-random meeting IDs, similar to a previously found issue in self-hosted Webex instances. This bug, which persisted for months or years, was exacerbated by an improperly configured mobile view, enabling easy metadata retrieval via a web browser. Cisco has since fixed the issue by late May 2024, addressing the security gap globally.

Read More…