CVE-2021-1372

Name of the Vulnerable Software and Affected Versions Cisco Webex Meetings Desktop App and Webex Productivity Tools (affected versions not specified)

Description The issue is related to errors in processing requests in the Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows, allowing an attacker to gain unauthorized access to protected information by running a specially designed application. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability, potentially retrieving sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.