In early May 2024, Cisco identified bugs in Cisco Webex Meetings that we now believe were leveraged in targeted security research activity allowing unauthorized access to meeting information and metadata in Cisco Webex deployments for certain customers hosted in our Frankfurt data center. These bugs have been addressed and a fix has been fully implemented worldwide as of May 28, 2024.
Cisco has notified those customers who had observable attempts to access meeting information and metadata based on available logs. Since the bugs were patched, Cisco has not observed any further attempts to obtain meeting data or metadata leveraging the bugs.
Our investigation is ongoing, and we continue to monitor for unauthorized activity. We will provide updates, if necessary, through regular channels.
Cisco Webex Meetings customers should continue to monitor regular support channels for further communication and are encouraged to use those channels for further questions. As always, Cisco will communicate through established channels.
Cisco welcomes the opportunity to engage with the security community to enhance security across the industry.
For a detailed list of security recommendations for Cisco Webex Meeting hosts and Cisco Webex administrators, see Best practices for secure meetings: hosts and Webex best practices for secure meetings: Control Hub.
Security Impact Rating: Informational
Source:: Cisco Security Advisories