Cisco engineers have prepared fixes for three vulnerabilities (CVE-2020-3441, CVE-2020-3471 and CVE-2020-3419) to your Webex conference app. Bugs allowed outsiders to join the conference and stay in the chat even after being kicked.
Vulnerabilities were discovered by company engineers IBMwhen they audited the tools the company used during the coronavirus pandemic. The researchers say that the vulnerabilities allowed an attacker to join someone else's conference as a ghost user that other chat participants could not see. In doing so, a hacker could gain access to audio and video content, chat itself, and other Webex features.
Moreover, the attacker could remain in the chat even if he was kicked, and this allowed the attacker to collect information about users, such as their full names, email addresses, IP addresses.
The IBM specialists explain that the bugs were related to the implementation of the handshake process. For example, attackers who know the URL of a conference can connect to the Webex server, send modified packets, and manipulate the server to access the conference and collect information about the conference participants. A video demonstration of the attack can be seen below.
During testing, the researchers were able to make the vulnerabilities work in macOS, Windows, Webex Meetings for iOS, and the Webex Room Kit.
Fortunately, these problems only worked if the attacker knew the URL of the scheduled meeting, as well as the unique Webex Personal Room URLs. Experts point out that attacking a Webex Personal Room may be even easier, as their addresses are built on a predictable combination of characters based on the name of the “room” owner and the name of the organization.