Cisco Security Advisory
-
In early May 2024, Cisco identified bugs in Cisco Webex Meetings that we now believe were leveraged in targeted security research activity allowing unauthorized access to meeting information and metadata in Cisco Webex deployments for certain customers. These bugs have been addressed and a fix has been fully implemented worldwide as of May 28, 2024.
Cisco has notified those customers who had observable successful attempts to access meeting information and metadata based on available logs. Since the bugs were patched, Cisco has not observed any further attempts to obtain meeting data or metadata leveraging the bugs.
Our investigation is ongoing, and we continue to monitor for unauthorized activity. We will provide updates, if necessary, through regular channels.
Cisco Webex Meetings customers should continue to monitor regular support channels for further communication and are encouraged to use those channels for further questions. As always, Cisco will communicate through established channels.
Cisco welcomes the opportunity to engage with customers and the security community to enhance security across the industry.
For a detailed list of security capabilities for Personal Meeting Rooms, the PSTN dial-in option for Cisco Webex Meeting hosts, and Cisco Webex administrators, see Best practices for secure meetings: hosts and Webex best practices for secure meetings: Control Hub.
-
A workaround is not needed; the issue is corrected.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Show LessVersion Description Section Status Date 1.1 Updated summary. Summary Interim 2024-JUN-05 1.0 Initial public release. — Interim 2024-JUN-04
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. CISCO EXPECTS TO UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.