Cisco releases patch for IDOR flaw in Webex that leaks meeting metadata
Cisco has released a security advisory on June 4, 2024, addressing vulnerabilities in its Webex video conferencing software that reportedly exposed the German government’s internal meetings. The advisory followed media reports, particularly from the German publication Zeit Online, about potential exploitation of these vulnerabilities, which could have allowed adversaries to access highly sensitive information.
The German government has been using an on-premises version of Cisco Webex so that meeting data is stored locally and stays within the country. However, researchers found an insecure direct object reference (IDOR) vulnerability: the server handed back meeting details for any numeric meeting ID it recognised, without checking whether the requester was entitled to see them. Links to thousands of internal Webex meetings could therefore be obtained simply by incrementing the number in a meeting link. The exposure included:
- Meeting topics
- Times
- Participants
- Sensitive sessions discussing military activities
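The pattern described above, as an added illustration that is not Cisco's code and makes no claim about how Webex is implemented: a lookup that only checks that a meeting ID exists (the IDOR), the enumeration that exploits it, and a hardened lookup that binds the object to the authenticated requester and returns the same 404 for missing and forbidden meetings. All meeting data, user names and the helper names are constructed for the example.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Meeting:
    meeting_id: int            # sequential and therefore predictable
    topic: str
    start: str
    host: str
    participants: frozenset


# Constructed sample data: three meetings with consecutive IDs.
MEETINGS = {
    1001: Meeting(1001, "Weekly sync", "2024-05-06T09:00", "alice", frozenset({"alice", "bob"})),
    1002: Meeting(1002, "Budget review", "2024-05-06T11:00", "carol", frozenset({"carol", "dave"})),
    1003: Meeting(1003, "Incident retro", "2024-05-07T14:00", "alice", frozenset({"alice", "carol"})),
}


def _metadata(m):
    """The metadata an unauthenticated viewer should never see."""
    return {"topic": m.topic, "start": m.start, "host": m.host,
            "participants": sorted(m.participants)}


# --- Vulnerable handler: the only "check" is that the ID exists (IDOR) ---
def get_meeting_vulnerable(meeting_id):
    m = MEETINGS.get(meeting_id)
    if m is None:
        return 404, None
    return 200, _metadata(m)


def enumerate_meetings(lookup, first, last):
    """Walk a numeric range the way an attacker would: bump the ID, keep the hits."""
    found = []
    for meeting_id in range(first, last + 1):
        status, body = lookup(meeting_id)
        if status == 200:
            found.append((meeting_id, body["topic"]))
    return found


# --- Hardened handler: tie the object to the authenticated requester ---
def get_meeting_hardened(requester, meeting_id):
    m = MEETINGS.get(meeting_id)
    if m is None or (requester != m.host and requester not in m.participants):
        # Same response for "does not exist" and "not yours", so the endpoint
        # cannot be used as an oracle for which IDs are live.
        return 404, None
    return 200, _metadata(m)


# --- Defence in depth: unguessable handles in links instead of sequential IDs ---
_TOKENS = {}   # token -> meeting_id (in-memory stand-in for a database table)


def issue_link_token(meeting_id):
    """Return a 256-bit random token to embed in the meeting link."""
    token = secrets.token_urlsafe(32)
    _TOKENS[token] = meeting_id
    return token


def get_meeting_by_token(requester, token):
    """Resolve a link token, then still enforce the authorisation check."""
    meeting_id = _TOKENS.get(token)
    if meeting_id is None:
        return 404, None
    return get_meeting_hardened(requester, meeting_id)


if __name__ == "__main__":
    print("vulnerable:", enumerate_meetings(get_meeting_vulnerable, 1000, 1010))
    print("hardened  :", enumerate_meetings(lambda i: get_meeting_hardened("mallory", i), 1000, 1010))
```

Note that the random token alone is not the fix: a token can still leak through logs, referrers or a forwarded invitation, so `get_meeting_by_token` still routes through the per-requester check. Password-protecting personal rooms, which the article notes was missing for some officials, is the same principle applied to joining the meeting rather than reading its metadata.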
Additionally, personal meeting rooms of high-ranking officials were not protected by passwords, making them easily accessible to adversaries, who could potentially obtain classified information.
In early March, Russia publicly released an audio recording of a German military meeting held on the Webex platform. It remains unclear whether this release is directly connected to the identified vulnerabilities.
Upon discovering these security issues, the German government blocked access to the exposed meeting rooms and took its Webex instance offline.
In its security advisory, Cisco detailed its response to the incident. The company says it identified the bugs in early May 2024, when they were being exploited in what it describes as targeted security research activity. The bugs allowed unauthorized access to meeting information and metadata for certain customers hosted in Cisco's Frankfurt data center.
Cisco has not described the flaw in technical detail, but states that it patched the identified vulnerabilities and completed a worldwide fix by May 28, 2024. Cisco is now notifying affected customers about observed attempts to access their meeting information and metadata, based on the logs available to it.
Cisco claims that since patching the vulnerabilities, there have been no further attempts to exploit these bugs. The company continues to monitor for any unauthorized activity and is prepared to provide updates through regular communication channels.