===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.2116.4
             Cisco Webex Meetings Desktop App Vulnerabilities
                              12 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Webex Meetings Desktop App
Publisher:         Cisco Systems
Operating System:  Cisco
                   Windows
                   Mac OS
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Confidential Data        -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-3347 CVE-2020-3342 CVE-2020-3263

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-url-fcmpdfVY
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-mac-X7vp65BL
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-NBmqM9vt

Revision History:  August 12 2020: Updated fcmpdfVY to advisory v1.1
                   July    8 2020: Fixed Software section for NBmqM9vt updated
                   June   24 2020: Vendor provided information update to NBmqM9vt
                   June   18 2020: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco Webex Meetings Desktop App and Webex Meetings Client URL Filtering
Arbitrary Program Execution Vulnerability

Priority:        High

Advisory ID:     cisco-sa-webex-client-url-fcmpdfVY

First Published: 2020 June 17 16:00 GMT

Last Updated:    2020 August 11 16:29 GMT

Version 1.1:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvs52337

CVE-2020-3263    

CWE-20

CVSS Score:
7.5  AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in Cisco Webex Meetings Desktop App and Cisco Webex
    Meetings Client could allow an unauthenticated, remote attacker to execute
    programs on an affected end-user system.

    The vulnerability is due to improper validation of input that is supplied
    to application URLs. The attacker could exploit this vulnerability by
    persuading a user to follow a malicious URL. A successful exploit could
    allow the attacker to cause the application to execute other programs that
    are already present on the end-user system. If malicious files are planted
    on the system or on an accessible network file path, the attacker could
    execute arbitrary code on the affected system.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-webex-client-url-fcmpdfVY

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco Webex Meetings Desktop App and Cisco Webex
    Meetings Client releases earlier than Release 39.5.12.

    To determine which release of Cisco Webex Meetings Desktop App is installed
    on a system, see the Check the Cisco Webex Meetings Desktop App Version 
    help article.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/
    end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
    /en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in Cisco Webex Meetings Desktop App and
    Cisco Webex Meetings Client releases 40.1.0 and later. For lockdown
    versions of Cisco Webex Meetings Desktop App and Cisco Webex Meetings
    Client, Cisco fixed this vulnerability in releases 39.5.12 and later.

    Administrators can update the Cisco Webex Meetings Desktop App for their
    user bases by following the instructions in the IT Administrator Guide for
    Mass Deployment of the Cisco Webex Meetings Desktop App.

    Users can update the Cisco Webex Meetings Desktop App by following the
    instructions in the Update the Cisco Webex Meetings Desktop App article.

    Users can update the Cisco Webex Meetings Client by following the
    instructions in the Download the Webex Client article.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Action Links for This Advisory

  o Snort Rule 54358
    Snort Rule 54359
    Snort Rule 54360
    Snort Rule 54361
    Snort Rule 54362
    Snort Rule 54363
    Snort Rule 54364
    Snort Rule 54365
    Snort Rule 54366
    Snort Rule 54367
    Snort Rule 54368
    Snort Rule 54369
    Snort Rule 54370
    Snort Rule 54371
    Snort Rule 54372

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-webex-client-url-fcmpdfVY

Revision History

  o +---------+----------------------+-----------------+--------+-------------+
    | Version |     Description      |     Section     | Status |    Date     |
    +---------+----------------------+-----------------+--------+-------------+
    |         | Updated the title    | Title, Summary, |        |             |
    | 1.1     | and several sections | Vulnerable      | Final  | 2020-AUG-11 |
    |         | to include Webex     | Products, and   |        |             |
    |         | Meetings Client.     | Fixed Software  |        |             |
    +---------+----------------------+-----------------+--------+-------------+
    | 1.0     | Initial public       | -               | Final  | 2020-JUN-17 |
    |         | release.             |                 |        |             |
    +---------+----------------------+-----------------+--------+-------------+



--------------------------------------------------------------------------------


Cisco Webex Meetings Desktop App for Mac Update Feature Code Execution
Vulnerability

Priority:        High

Advisory ID:     cisco-sa-webex-client-mac-X7vp65BL

First Published: 2020 June 17 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvq03838

CVE-2020-3342    

CWE-295

CVSS Score:
8.8  AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the software update feature of Cisco Webex Meetings
    Desktop App for Mac could allow an unauthenticated, remote attacker to
    execute arbitrary code on an affected system.

    The vulnerability is due to improper validation of cryptographic
    protections on files that are downloaded by the application as part of a
    software update. An attacker could exploit this vulnerability by persuading
    a user to go to a website that returns files to the client that are similar
    to files that are returned from a valid Webex website. The client may fail
    to properly validate the cryptographic protections of the provided files
    before executing them as part of an update. A successful exploit could
    allow the attacker to execute arbitrary code on the affected system with
    the privileges of the user.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-webex-client-mac-X7vp65BL

Affected Products

  o Vulnerable Products

    This vulnerability affects lockdown versions of Cisco Webex Meetings
    Desktop App for Mac earlier than Release 39.5.11.

    To determine which release of Cisco Webex Meetings Client for Mac is
    installed on a system, see the Check the Cisco Webex Meetings Desktop App
    Version help article.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco Webex Meetings Desktop App for Windows is not affected by this
    vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/
    end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
    /en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in lockdown versions of Cisco Webex Meetings
    Desktop App for Mac releases 39.5.11 and later.

    Administrators can update the Cisco Webex Meetings Desktop App for their
    user bases by following the instructions available in the IT Administrator
    Guide for Mass Deployment of the Cisco Webex Meetings Desktop App.

    Users can update the Cisco Webex Meetings Desktop App by following the
    instructions in the Update the Cisco Webex Meetings Desktop App article.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found by Nick Mooney of Cisco Duo Security Labs
    during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-webex-client-mac-X7vp65BL

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUN-17  |
    +----------+---------------------------+----------+--------+--------------+


--------------------------------------------------------------------------------


Cisco Webex Meetings Desktop App for Windows Shared Memory Information
Disclosure Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-webex-client-NBmqM9vt

First Published: 2020 June 17 16:00 GMT

Last Updated:    2020 July 7 14:28 GMT

Version 1.3:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvt99384

CVE-2020-3347    

CWE-200

CVSS Score:
5.5  AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow
    an authenticated, local attacker to gain access to sensitive information on
    an affected system.

    The vulnerability is due to unsafe usage of shared memory that is used by
    the affected software. An attacker with permissions to view system memory
    could exploit this vulnerability by running an application on the local
    system that is designed to read shared memory. A successful exploit could
    allow the attacker to retrieve sensitive information from the shared
    memory, including usernames, meeting information, or authentication tokens
    that could aid the attacker in future attacks.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-webex-client-NBmqM9vt

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco Webex
    Meetings Desktop App for Windows releases earlier than 40.4.12 and 40.6.0.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Details

  o Cisco Webex Meetings Desktop App uses shared memory to exchange information
    with the Windows operating system and other applications. The software may
    store sensitive information, such as usernames, meeting information, and
    authentication tokens, in this shared memory space. Other users on the local
    system could retrieve this information from within the shared memory space
    and use it for additional attacks.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, the following releases contained the fix for
    this vulnerability:

    +------------------------------------------+----------------------------------+
    | Cisco Webex Product                      | Fixed Release                    |
    +------------------------------------------+----------------------------------+
    | Cisco Webex Meetings Desktop App for     | 40.4.12 and later                |
    | Windows                                  | 40.6.0 and later                 |
    +------------------------------------------+----------------------------------+
    | Cisco Webex Meetings Desktop App for     | 39.5.26 and later                |
    | Windows, lockdown versions               |                                  |
    +------------------------------------------+----------------------------------+
    | Cisco Webex Meetings Server              | 3.0 MR3 Security Patch 3 and     |
    |                                          | later                            |
    |                                          | 4.0 MR3 Security Patch 2 and     |
    |                                          | later                            |
    +------------------------------------------+----------------------------------+

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.
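As an added example, not part of the Cisco advisories or the AusCERT bulletin, the following Python routine encodes the Fixed Releases sections of all three advisories above and reports which of the three CVEs still apply to a given Desktop App install. It assumes the caller already knows the platform, the dotted release string and whether the build is a lockdown version (the advisories do not say how to tell), and it treats a release as fixed only when it falls inside a stated fixed range, so a 40.5.x Windows build is still reported as exposed to CVE-2020-3347; Cisco Webex Meetings Server is out of scope because its releases are not dotted version numbers.

```python
"""Triage an installed Cisco Webex Meetings Desktop App release against the
fixed ranges stated in cisco-sa-webex-client-url-fcmpdfVY,
cisco-sa-webex-client-mac-X7vp65BL and cisco-sa-webex-client-NBmqM9vt.
Assumption (not from the advisories): platform, release string and the
lockdown flag are supplied by the caller.
"""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]
# A fixed range is (train, minimum): a release is inside it when it starts with
# `train` and is >= `minimum`. An empty train means "this release and everything
# later", a train such as (40, 4) confines the fix to that release line.
FixedRange = Tuple[Version, Version]


def parse_version(text: str) -> Version:
    """'40.4.12' -> (40, 4, 12); pads to three components for comparison."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) < 3:
        parts = parts + (0,) * (3 - len(parts))
    return parts


# Fixed Releases as stated in each advisory, keyed by (CVE, platform, lockdown).
# A combination absent from this map is not listed as vulnerable in the
# corresponding advisory and is therefore reported as not exposed.
FIXED: Dict[Tuple[str, str, bool], List[FixedRange]] = {
    # fcmpdfVY: Desktop App and Client on any OS; 40.1.0+, lockdown 39.5.12+.
    ("CVE-2020-3263", "windows", False): [((), (40, 1, 0))],
    ("CVE-2020-3263", "windows", True): [((), (39, 5, 12))],
    ("CVE-2020-3263", "mac", False): [((), (40, 1, 0))],
    ("CVE-2020-3263", "mac", True): [((), (39, 5, 12))],
    # X7vp65BL: lockdown builds for Mac only; Windows is not affected.
    ("CVE-2020-3342", "mac", True): [((), (39, 5, 11))],
    # NBmqM9vt: Windows only. The 40.4 line is fixed from 40.4.12 and
    # everything from 40.6.0 onward is fixed, so a 40.5.x build is not.
    ("CVE-2020-3347", "windows", False): [((40, 4), (40, 4, 12)), ((), (40, 6, 0))],
    ("CVE-2020-3347", "windows", True): [((), (39, 5, 26))],
}


def is_fixed(version: Version, ranges: List[FixedRange]) -> bool:
    """True when the release falls inside any of the advisory's fixed ranges."""
    return any(version[: len(train)] == train and version >= minimum
               for train, minimum in ranges)


def exposed_cves(platform: str, release: str, lockdown: bool = False) -> List[str]:
    """Return the CVEs from these advisories that still apply to the install."""
    version = parse_version(release)
    key = platform.lower()
    hits = [cve for (cve, plat, lock), ranges in FIXED.items()
            if plat == key and lock == lockdown and not is_fixed(version, ranges)]
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for plat, rel, lock in [("windows", "40.5.3", False),
                            ("windows", "39.5.20", True),
                            ("mac", "39.5.10", True)]:
        print(plat, rel, "lockdown" if lock else "standard", exposed_cves(plat, rel, lock))
```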

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is aware that
    proof-of-concept exploit code is available for the vulnerability that is
    described in this advisory.

    The Cisco PSIRT is not aware of any malicious use of the vulnerability that
    is described in this advisory.

Source

  o Cisco would like to thank Martin Rakhmanov of Trustwave for reporting this
    vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-webex-client-NBmqM9vt

Revision History

  o +---------+---------------------------+------------+--------+-------------+
    | Version |        Description        |  Section   | Status |    Date     |
    +---------+---------------------------+------------+--------+-------------+
    |         | Added update information  | Fixed      |        |             |
    | 1.3     | for Cisco Webex Meetings  | Software   | Final  | 2020-JUL-07 |
    |         | Server.                   |            |        |             |
    +---------+---------------------------+------------+--------+-------------+
    |         | Included additional fix   | Vulnerable |        |             |
    | 1.2     | information for the Cisco | Products,  | Final  | 2020-JUN-23 |
    |         | Webex Desktop App release | Fixed      |        |             |
    |         | 40.4.12.                  | Software   |        |             |
    +---------+---------------------------+------------+--------+-------------+
    |         | Clarified affected        |            |        |             |
    | 1.1     | versions of Cisco Webex   | Affected   | Final  | 2020-JUN-17 |
    |         | Meetings Desktop App for  | Products   |        |             |
    |         | Windows.                  |            |        |             |
    +---------+---------------------------+------------+--------+-------------+
    | 1.0     | Initial public release.   | -          | Final  | 2020-JUN-17 |
    +---------+---------------------------+------------+--------+-------------+

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================