cisco-sa-cma-turn-crdls-RHjSzKXn: Cisco Meetings App Missing TURN Server Credentials Expiration Vulnerability
First published: Wed Jul 15 2020(Updated: )
A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are configured in an affected system. The vulnerability is due to insufficient protection mechanisms for the TURN server credentials. An attacker could exploit this vulnerability by intercepting the legitimate traffic that is generated by an affected system. An exploit could allow the attacker to obtain the TURN server credentials, which the attacker could use to place audio/video calls and forward packets through the configured TURN server. The attacker would not be able to take control of the TURN server unless the same credentials were used in multiple systems. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cma-turn-crdls-RHjSzKXn
Credit: Muhammad Ra'fat. Cisco would also like to thank John Bergvall Mividas Video Solutions for individually reporting this vulnerability
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Webex Meetings |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/event
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/cisco-advisory
- source/Cisco
- agent/severity
- agent/title
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco webex meetings