"Cisco Webex Bugs Allow Attackers to Join Meetings as Ghost Users"
Security researchers from IBM discovered three vulnerabilities in the Cisco Webex video conferencing app. When combined, these vulnerabilities can allow an attacker to join a Webex meeting with full access to audio, video, chats, and screen sharing while invisible to other participants. The exploitation of these vulnerabilities could also allow an attacker to remain in the Webex meeting as a ghost user even after they are kicked out. As attackers join meetings as ghost users, they can gather information about meeting participants such as their names, email addresses, and IP addresses. According to the IBM researchers, these vulnerabilities derive from the handshake process that occurs when new Webex meetings are established. The researchers were able to demonstrate the abuse of these bugs on macOS, Windows, and the iOS versions of Cisco Webex Meetings applications. This article continues to discuss the Cisco Webex bugs regarding where they come from and what their exploitation could allow attackers to do.
ZDNet reports "Cisco Webex Bugs Allow Attackers to Join Meetings as Ghost Users"