Cisco issued a security advisory after it was reported that vulnerabilities in the German government’s use of Cisco Webex could allow adversaries to access sensitive information. The German government used an on-premises version of Webex to keep data local, but an insecure direct object reference (IDOR) vulnerability made meeting links easy to reach simply by altering the numbers in a link. This exposed critical meeting details, including those of high-ranking officials’ rooms, which were not password-protected.
The issue came to light when Russia publicly released a recording of a German military meeting on Webex, raising concerns about the security of the platform. In response, the German government took its Webex instance offline and blocked access to compromised meeting rooms to prevent further breaches.
Cisco addressed the vulnerability by releasing patches and stated that the bugs were fully fixed by late May 2024. They have notified affected customers and, since the patches, have not observed any further unauthorized access attempts using the identified vulnerabilities.
The incident highlights the importance of robust security measures in video conferencing tools, especially when used for sensitive governmental discussions. Cisco continues to monitor for any unauthorized activity to ensure the safety and security of their Webex platform for all users.
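The IDOR pattern described above (meeting references reachable by altering a number, with no further check on the room), shown as an added example that is not Cisco or Webex code: a constructed meeting directory with the weak lookup beside a hardened one. All class names, IDs and user names are hypothetical.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Meeting:
    title: str
    owner: str
    invitees: set = field(default_factory=set)


class WeakDirectory:
    """Before: sequential numeric IDs and no per-request authorization."""

    def __init__(self):
        self._meetings = {}
        self._next_id = 1000  # constructed starting value

    def create(self, meeting):
        meeting_id = self._next_id
        self._next_id += 1
        self._meetings[meeting_id] = meeting
        return meeting_id

    def lookup(self, meeting_id, requester):
        # The requester is never consulted: knowing a neighbouring number is enough.
        return self._meetings.get(meeting_id)


class HardenedDirectory:
    """After: unguessable references plus an owner/invitee check on every lookup."""

    def __init__(self):
        self._meetings = {}

    def create(self, meeting):
        ref = secrets.token_urlsafe(16)  # 128 random bits, not enumerable
        self._meetings[ref] = meeting
        return ref

    def lookup(self, ref, requester):
        meeting = self._meetings.get(ref)
        if meeting is None:
            return None
        if requester != meeting.owner and requester not in meeting.invitees:
            return None  # same answer as "not found", so existence is not revealed
        return meeting
```

The random reference only makes enumeration impractical; the authorization check is what closes the IDOR, since a leaked or forwarded link would otherwise still open the room.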