Thursday 19 November 2020
The impact of this issue announcement is critical. Please act accordingly to rectify the issue, as stated below.
- Cisco Webex Meetings apps releases 40.10.9 and earlier for iOS and Android
- 3.0MR Security Patch 4 and earlier
- 4.0MR3 Security Patch 3 and earlier
What you need to know:
CVE-2020-3419 could allow an unauthenticated remote attacker to join a Webex session without appearing in the participant list.
Actions to be taken:
No action is required for cloud based Cisco Webex Meeting sites.
Cisco Webex Meetings mobile apps are encouraged to update to 40.11 release and later to contain the fix for this vulnerability.
The following Cisco Webex Meeting Servers fixes were released:
- 3.0MR3 Security Patch 5
- 4.0MR3 Security Patch 4