CVE-2020-3347 is a flaw found by Trustwave researcher Martin Rakhmanov that affects Cisco WebEx client software for Windows before version 40.60.0. Because WebEx relies on multiple processes, it shares some memory between them. What Rakhmanov found is that any logged-in Windows user could search for specific memory mapped files in use by Cisco’s WebEx client and dump the contents. One of them, WBXTRA_TRACE_FILE_EX, contained a token that could be used to impersonate the currently authenticated WebEx user. Cisco’s Product Security Incident Response Team (PSIRT) was not aware of any abuse as of the June 17th advisory.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security