Pierluigi Paganini June 05, 2024

Cisco addressed vulnerabilities that were exploited to compromise the Webex meetings of the German government.

In early May, German media outlet Zeit Online revealed that threat actors exploited vulnerabilities in the German government’s implementation of the Cisco Webex software to access internal meetings.  

In March, the German authorities admitted the hack by Russia-linked actors of a military meeting where participants discussed giving military support to Ukraine.

“In early May 2024, Cisco identified bugs in Cisco Webex Meetings that we now believe were leveraged in targeted security research activity allowing unauthorized access to meeting information and metadata in Cisco Webex deployments for certain customers hosted in our Frankfurt data center.” reads the advisory published by the company.

Experts believe threat actors exploited an insecure direct object reference (IDOR) vulnerability to access internal Webex meetings. Threat actors gained access to information about the meeting, such as topics and participants, and spied on sensitive meetings, despite the German government decided to use an on-premises version of Webex.

The experts also discovered that some meeting rooms of high-ranking officials were not password-protected.

The IT giant now confirmed that the vulnerability exploited by the nation-state actors has been addressed.

“These bugs have been addressed and a fix has been fully implemented worldwide as of May 28, 2024.” continues the advisory.

Cisco notified customers who experienced observable attempts to access meeting information and metadata. Since the flaws were addressed, the company hasn’t observed any other attempts to exploit the vulnerabilities. The company added that the investigation is still ongoing and that they continuing to monitor for unauthorized activity, providing updates as needed through regular channels.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Germany)