A vulnerability, which was classified as problematic, has been found in Cisco Webex Meetings Client, Webex Meetings Desktop App and Webex Teams (Unified Communication Software) (affected version not known).
Some companies prefer to find a physical conference space for face-to-face meetings rather than using a video-based alternative like WebEx. However, did you know that 40% of employees waste 30 minutes every day just trying to find that meeting room?
With the help of virtual meetings from WebEx, you can hold collaborative meetings via mobile devices, Macs, or Windows desktops with an ease of use unlike offline meetings. We’ve put together a Webex review covering features, pricing, plans, and support so that you can get a feel for what WebEx offers before you add this tool to your company’s VoIP system.
Affected by this issue is an unknown functionality of the component Media Engine. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. Impacted is confidentiality.
The weakness was disclosed 09/04/2020 as cisco-sa-webex-media-znjfwHD6 as confirmed advisory (Website). The advisory is available at tools.cisco.com .
This vulnerability is handled as CVE-2020-3541 since 12/12/2019. Local access is required to approach this attack. The successful exploitation needs a simple authentication. The technical details are unknown and an exploit is not available.
Upgrading eliminates this vulnerability.