Threat Watch

Cisco WebEx Flaw Lets Attackers Steal Authentication Tokens

CVE-2020-3347 is a flaw found by Trustwave researcher Martin Rakhmanov that affects Cisco WebEx client software for Windows before version 40.60.0. Because WebEx relies on multiple processes, it shares some memory between them. What Rakhmanov found is that any logged-in Windows user could search for specific memory-mapped files in use by Cisco’s WebEx client and dump their contents. One of them, WBXTRA_TRACE_FILE_EX, contained a token that could be used to impersonate the currently authenticated WebEx user. Cisco’s Product Security Incident Response Team (PSIRT) was not aware of any abuse as of the June 17th advisory.

ANALYST NOTES

Fortunately, this flaw is not remotely exploitable, but that does not mean it should be ignored. Binary Defense strongly recommends that all users of Cisco WebEx update to the latest available version as soon as possible. Keeping up with software and operating system updates should be a regular part of every organization’s security lifecycle.
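To check whether a Windows host still runs a client older than the fixed release named above, the following inventory script is an added example (not code from Binary Defense, Trustwave or Cisco); the registry locations and the `*Webex*` DisplayName match are assumptions about how the client registers itself, and the 40.60.0 threshold is the version from the advisory.

```powershell
# Added example: flag Cisco WebEx client installs below the fixed release (40.60.0).
# Assumption: the client appears under the standard Uninstall keys with a
# DisplayName containing "Webex"; per-user installs live under HKCU.
$FixedVersion  = [version]'40.60.0'
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-WebExInstall {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Webex*' } |
        ForEach-Object {
            $parsed = $null
            # Vendor version strings may carry a trailing build tag; keep the
            # leading dotted-numeric part so [version] can parse it.
            $numeric = ($_.DisplayVersion -as [string]) -replace '[^0-9.].*$', ''
            $ok = [version]::TryParse($numeric, [ref]$parsed)
            [pscustomobject]@{
                Name       = $_.DisplayName
                Version    = $_.DisplayVersion
                # "unknown" rather than a guess when the string does not parse
                Vulnerable = $(if ($ok) { $parsed -lt $FixedVersion } else { 'unknown' })
            }
        }
}

# Report every matching install; a Vulnerable value of True means update now.
Get-WebExInstall | Format-Table -AutoSize
```

Run it as each interactive user as well as an administrator, because per-user installs are only visible in that user's HKCU hive.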

Source: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cisco-webex-memory-for-the-taking-cve-2020-3347/