CVE-2020-3347 is a flaw found by Trustwave researcher Martin Rakhmanov that affects Cisco WebEx client software for Windows before version 40.60.0. Because WebEx relies on multiple processes, it shares some memory between them. What Rakhmanov found is that any logged-in Windows user could search for specific memory mapped files in use by Cisco’s WebEx client and dump the contents. One of them, WBXTRA_TRACE_FILE_EX, contained a token that could be used to impersonate the currently authenticated WebEx user. Cisco’s Product Security Incident Response Team (PSIRT) was not aware of any abuse as of the June 17th advisory.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.