Cisco Webex Meetings Meeting Information and Metadata Issue June 2024
In early May 2024, Cisco identified bugs in Cisco Webex Meetings that we now believe were leveraged in targeted security research activity allowing unauthorized access to meeting information and metadata in Cisco Webex deployments for certain customers. These bugs have been addressed and a fix has been fully implemented worldwide as of May 28, 2024. Cisco has notified those customers who we identified as being affected by this activity based on available access logs. Because we strive to retain access logs only as long as necessary to deliver the service and comply with applicable records retention requirements and data protection limits, our access logs are not retained indefinitely and are deleted on a rolling basis. Cisco does not have available access logs on the data set before May 6, 2024. Since the bugs were patched, Cisco has not observed any further successful attempts to obtain new meeting data or metadata leveraging the bugs. Our investigation is still ongoing, and Cisco is providing the following updates: Cisco believes with high confidence that the same actor involved in targeted research activity obtained a larger data set of meeting data prior to May 6, 2024. Cisco has been notified by a limited number of customers of successful attempts to dial into meetings from the Public Switched Telephone Network (PSTN) using meeting data that was retrieved prior to the deployment of bug fixes. In a successful PSTN dial-in, the actor identified themselves and stated the effort was to support security research. Cisco recommends that customers who have PSTN enabled for their scheduled meetings verify that they require passcodes for dial-in users. If not previously enabled, enabling a passcode will require the host to re-send the meeting invitation with the new passcode. For customers who have Personal Meeting Rooms (PMR) configured, Cisco recommends that customers verify that their lobby feature is enabled and configured as recommended in our best practices guidanc
Cisco Webex Meetings Meeting Information and Metadata Issue June 2024