Do you rely on Cisco’s Webex Meetings app for video conferencing?
If so, be advised that the company found and addressed a pair of high severity security flaws that could allow hackers to remotely execute code on vulnerable machines.
The two issues are being tracked as CVE-2020-3263 and CVE-2020-3342.
They impact Cisco Webex Meetings Desktop App releases 39.5.12 and earlier. They also impact lockdown versions of Cisco Webex Meeting Desktop App for the Mac, version 39.5.11 and earlier.
In both cases, the issue revolves around an improper input validation of URLs. If an attacker can supply a URL and trick a recipient into clicking on it, it could result in the total compromise of the machine. If there’s a silver lining to the recent discovery, it is that as long as you don’t click on links provided to you by unknown and untrusted sources, your risk is minimal.
This is the second time in recent memory that Ciscos has had to rush to patch Webex. Late last year, Cisco discovered and patched the Windows version of the app that could have allowed local attackers to escalate privileges and execute commands with SYSTEM user privileges.
Given the number of people currently relying heavily on video conferencing software with so many working from home due to the global spread of COVID-19, keeping whatever software you use up to date is more important than ever.
If your company makes use of Webex, be sure you’re running the latest version. If you’re not sure how to proceed, detailed instructions for updating the macOS version of the app can be found on Cisco’s website in an article entitled “Update the Cisco Webex Meetings Desktop App.” For Windows users, detailed instructions can be found in the “IT Administrator Guide for Mass Deployment of Cisco Webex Meetings Desktop App.”
