June 5, 2024 at 06:00AM
Cisco released a security advisory following reports that the German government’s use of Cisco Webex was compromised. Vulnerabilities in the on-premises version of Webex allowed access to internal meetings and high-ranking officials’ rooms, potentially exposing sensitive information. The German government took its Webex instance offline and Cisco has released patches to address the issue.
The meeting notes provide an overview of a security incident involving the German government’s use of Cisco Webex that resulted in the exposure of sensitive meeting information and potential breaches of security. It includes details about vulnerabilities in the implementation of the software, the potential exploitation of insecure direct object reference (IDOR) vulnerability, and the actions taken by the German government and Cisco in response to the issue.
Key Takeaways:
1. The German government’s Webex meetings were exposed due to vulnerabilities in their implementation of the on-premises version of Cisco Webex, potentially allowing unauthorized access to highly sensitive information.
2. Researchers discovered an insecure direct object reference (IDOR) vulnerability that could have been exploited to obtain links to thousands of internal Webex meetings and personal meeting rooms of high-ranking officials, including those discussing military activities.
3. In response to the discovery of the vulnerabilities, the German government blocked access to the exposed meeting rooms and took its Webex instance offline.
4. Cisco acknowledged the incident and released patches, addressing the identified bugs and implementing a fix worldwide. They have also notified affected customers and continue to monitor for unauthorized activity.
The notes also include additional information on related incidents involving Russia, as well as diplomatic actions taken by Germany in response to cyber espionage.