Cisco Security Advisory, July 5, 2024
Cisco Webex Meetings Meeting Information and Metadata Issue June 2024

 

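In early May 2024, Cisco identified bugs in Cisco Webex Meetings that may have been leveraged in targeted security research activity, resulting in unauthorized access to meeting information and metadata in certain customers' Webex deployments. These bugs have been addressed, and a fix was fully implemented worldwide on May 28, 2024. Cisco has notified the customers affected by this activity. Cisco's investigation is ongoing, and it is providing the following updates: Cisco believes that, before May 6, 2024, the same actor involved in the targeted research activity obtained additional meeting data. A small number of customers have notified Cisco of attempts to dial into meetings over the public switched telephone network (PSTN) using meeting data retrieved before the bug fix was deployed. In the successful PSTN dial-ins, the actor stated that they were acting in support of security research.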

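🎯 In early May 2024, Cisco identified bugs in Cisco Webex Meetings that may have been leveraged in targeted security research activity, resulting in unauthorized access to meeting information and metadata in certain customers' Webex deployments. These bugs have been addressed, and a fix was fully implemented worldwide on May 28, 2024.

🚨 Cisco believes that, before May 6, 2024, the same actor involved in the targeted research activity obtained additional meeting data.

📞 A small number of customers have notified Cisco of attempts to dial into meetings over the public switched telephone network (PSTN) using meeting data retrieved before the bug fix was deployed. In the successful PSTN dial-ins, the actor stated that they were acting in support of security research.

🛡️ Cisco recommends that customers verify that their meetings have passcodes enabled and enable the virtual lobby feature to improve meeting security.

⚠️ Customers should review meeting information and metadata that may have been obtained before the bug fix was fully implemented worldwide on May 28, 2024, and assess the risk to their deployments.

📣 Cisco will continue to publish further communications through regular support channels and encourages customers to use those channels for further questions.

🤝 Cisco welcomes working with customers and the security community to enhance security across the industry.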

In early May 2024, Cisco identified bugs in Cisco Webex Meetings that we now believe were leveraged in targeted security research activity allowing unauthorized access to meeting information and metadata in Cisco Webex deployments for certain customers. These bugs have been addressed and a fix has been fully implemented worldwide as of May 28, 2024. 

Cisco has notified those customers who we identified as being affected by this activity based on available access logs. Because we strive to retain access logs only as long as necessary to deliver the service and comply with applicable records retention requirements and data protection limits, our access logs are not retained indefinitely and are deleted on a rolling basis. Cisco does not have available access logs on the data set before May 6, 2024.

Since the bugs were patched, Cisco has not observed any further successful attempts to obtain new meeting data or metadata leveraging the bugs.

Our investigation is still ongoing, and Cisco is providing the following updates:

Cisco recommends that customers who have PSTN enabled for their scheduled meetings verify that they require passcodes for dial-in users. If not previously enabled, enabling a passcode will require the host to re-send the meeting invitation with the new passcode.

For customers who have Personal Meeting Rooms (PMR) configured, Cisco recommends that customers verify that their lobby feature is enabled and configured as recommended in our best practices guidance (see below). This will require unauthenticated and external meeting participants to wait in a virtual lobby unless and until the host directly admits them to the meeting.

Customers are advised to review meeting information and metadata that may have been obtained before the bug fix was fully implemented worldwide as of May 28, 2024, and assess the risk for their deployments.

Cisco Webex Meetings customers should continue to monitor regular support channels for further communication and are encouraged to use those channels for further questions. As always, Cisco will communicate through established channels.

Cisco welcomes the opportunity to engage with customers and the security community to enhance security across the industry.

For a detailed list of security capabilities for Personal Meeting Rooms, the PSTN dial-in option for Cisco Webex Meeting hosts, and Cisco Webex administrators, see Best practices for secure meetings: hosts and Webex best practices for secure meetings: Control Hub.

Obtaining Additional Support 
For general security and support concerns about Cisco products and cloud-hosted services, the Cisco Technical Assistance Center (TAC) can provide configuration and technical assistance. The Cisco TAC can also help with nonsensitive security incidents and software upgrades for security bug fixes. TAC Support Worldwide contact information.


Security Impact Rating: Informational
