cisco-sa-webex-meetings-UtbwOR4Q: Cisco Webex Training Unauthorized Meeting Join Vulnerability
First published: Wed Sep 02 2020(Updated: )
A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password. The vulnerability is due to improper validation of input to API requests that are a part of meeting join flow. An attacker could exploit this vulnerability by sending an API request to the application, which would return a URL that includes a meeting join page that is prepopulated with the meeting username and password. A successful exploit could allow the attacker to join the password-protected meeting. The attacker would be visible in the attendee list of the meeting. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-meetings-UtbwOR4Q
Credit: Eric Merrill Oakland University
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco WebEx Training Center |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/type
- collector/cisco-advisory
- source/Cisco
- agent/title
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco webex training center