Home Security Cisco Patched High-Severity Flaws In Webex Meetings Desktop App

Cisco Patched High-Severity Flaws In Webex Meetings Desktop App

by ethhack

Cisco recently issued numerous security fixes for bugs affecting a range of products. These also include some high-severity flaws in the Webex Meetings Desktop app.

Serious Bug In Webex Meetings App For Mac

Cisco has addressed a high-severity flaw that affected the Webex Meetings Desktop app for Mac. This bug existed in the update feature of the app that, upon exploitation, could allow remote code execution.

As explained in their advisory,

The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update. An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a valid Webex website.

Cisco labeled this one, CVE-2020-3342, as a high-severity bug achieving a CVSS score of 8.8. It affected all lockdown versions of the Mac before the Release 39.5.11. Users may update to the Mac app release 39.5.11 or later to address the vulnerability.

Other Webex Meetings Desktop App Flaws

Apart from the above, Cisco also patched two more high-severity flaws in the Webex Meetings Desktop app.

One of these, CVE-2020-3263, existed due to improper input validation supplied to app URLs. An adversary could exploit the flaw by luring the user to follow a malicious URL. Hence, the adversary could execute other programs already installed on the victim’s device.

Cisco patched this flaw with the Webex Desktop app release 40.1.0 and later, and lockdown versions 39.5.12 and later.

Besides, the other vulnerability, CVE-2020-3361, existed due to a lack of proper validation of authentication token by a Webex website. As a result, an adversary could gain access to the target site with the same privileges as that of the victim.

Cisco has assured no public exploitation of these flaws earlier. Nonetheless, now that the details are out, users must ensure updating to the latest patched versions available.

For details about all the patches rolled out this week, click here to visit the list of Cisco security advisories.

The following two tabs change content below.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Source link

Related Articles

Leave a Comment