“This is an interesting vulnerability. I wouldn’t necessarily consider it earth-shattering, however, organisations might want to patch this quickly. Why? Because this vulnerability will be leveraged by malicious insiders (insider threats) and targeted attacks. The vulnerability requires a malicious actor to already have an account on the machine or on the domain. If an attacker has this foothold already within an organisation’s network, this vulnerability could be used to gain or escalate privileges on very sensitive machines, such as those used by senior executives and such. Attackers focused on intellectual property theft and corporate espionage will find this vulnerability very useful, especially considering how common Webex is within enterprise organisations”.
Since Lane’s post, Cisco engineers have been hard at work trying to remedy the issue. Whilst this is ongoing, it has prompted further comment and speculation in the industry. Further research has since been posted from Ron Bowes and Jeff McJunkin, researchers at Counter Hack:
“The good news is, the patched version of this service will only run files that are signed by Webex,” the researchers wrote. “The bad news is, there are a lot of those out there (including the vulnerable version of the service), and the service can still be started remotely”.
This new discovery follows a bad September for Cisco. In which, the Webex platform suffered an outage for 7 days. The outage became such a serious issue for Cisco that Chuck Robbins, CEO at Cisco issued this statement:
“The Webex outage today is unacceptable, and we apologise for the disruption caused to you, our customers. Webex Meetings is now functional. Our engineers are working to restore Webex Teams and ensure this doesn’t happen again. Thank you for your patience & trust.”
All Webex services were down during this outage, including all Webex including Calling, Meetings, Control Hub, Hybrid Services, and Teams. The outage and the recently discovered vulnerability are not linked. However, both are causes for concern for enterprises heavily invested in Cisco.
Enterprise Collaboration Security
Security is a more of a concern than ever before. Only last year, global giant, Maersk suffered a cyber attack. Users were sent home and staff were without email and app access for over a week. The knock on effect of this shook the entire shipping industry. If small cracks like this Cisco vulnerability creep into enterprise collaboration, we could be looking at a rather negative scenario.
Webex Teams, and Cisco in general, is renowned for tight security. Via acquisitions and high grade security platforms and devices of their own, Cisco Webex Teams boasts a raft of security features.
Encryption, data retention policies and a ream of management and analytics at your disposal should be more than enough to keep your business secure.
The vulnerability is no reason to down tools and stop using Webex. All research has pointed to this being only a small issue. But, in the enterprise, any issue is an issue.