PT-2020-1743 · Cisco · Webex Mobile Application For Android
Published 2020-01-24 · Updated 2020-01-28 · CVE-2020-3142
CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Webex Meetings Suite sites versions prior to 39.11.5
Cisco Webex Meetings Online sites versions prior to 40.1.3
Description
A vulnerability in Cisco Webex Meetings could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. This is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this by accessing a known meeting ID or meeting URL from the mobile device's web browser, which will then request to launch the device's Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting, and they will be visible in the attendee list as a mobile attendee.
Recommendations
For Cisco Webex Meetings Suite sites versions prior to 39.11.5, update to version 39.11.5 or later.
For Cisco Webex Meetings Online sites versions prior to 40.1.3, update to version 40.1.3 or later.
Fix
Improper Access Control
Missing Authentication
Related Identifiers
Affected Products
Cisco Webex Meetings Online
Cisco Webex Meetings Suite
Webex Mobile Application For Android
Webex Mobile Application For iOS