WebEx is a video conferencing tool powered by CISCO.
With COVID-19 wreaking havoc globally, working from home is the new norm. With this, it is only natural that video conferencing tools have gained widespread adaptation ranging from the famed Zoom to Microsoft Teams.
This, though also has brought greater attention to these tools with the value they represent to attackers and therefore vulnerabilities within them are being found every day, some by the attackers themselves and some by concerned security researchers.
A case of the latter has emerged just recently when a researcher named Martin Rakhmanov from Trustwave went on to discover a critical flaw in Cisco WebEx, another major video conferencing tool in the industry.
Identified as CVE-2020-3347; the vulnerability was found on WebEx’s Meeting client on Windows with version 40.4.12.8.
“Once the application is installed, it adds a tray app that is started once a user logs on and has some dependent processes launched as well at that time,” states Martin. With this, if the default option of the client logging in automatically is enabled, it allows an attacker to unauthorizedly read and write a trace file which can be very dangerous in terms of security.
The reason is that the file contains the em ..
Support the originator by clicking the read the rest link below.
