The impact of this issue announcement is medium. Please act accordingly to rectify the issue, as stated below.
Versions earlier than 40.7.0 of Cisco Webex Meetings.
What you need to know:
A vulnerability was found in the Contacts Handler component of Cisco Webex Meetings. This vulnerability will allow an authenticated and remote attacker to have access to sensitive information like usernames and email addresses.
The versions earlier than 40.7.0 of Cisco Webex Meetings, which are cloud–based, are affected by this vulnerability.
It was confirmed by Cisco that the Cisco Web Meetings Server is not affected.
Actions to be taken:
To address this vulnerability, Cisco released 40.7.0 of Cisco Webex Meeting (cloud-based). Users need to make sure that they are using this version 40.7.0 and later of Cisco Webex Meetings.
What is the impact of not doing the actions?
A successful attack may lead to contact information disclosure.