Cisco tackled vulnerabilities in Webex software exploited to infiltrate German government meetings

AndyC 6 June 2024

Pierluigi Paganini

Cisco addressed Webex flaws used to compromise German government meetings
Pierluigi Paganini
June 05, 2024

Cisco mitigated vulnerabilities utilized to breach the security of German government Webex meetings.

Early in the month of May, Zeit Online reported that cybercriminals exploited weaknesses in the German government’s configuration of Cisco Webex software to gain unauthorized access to internal meetings.

Back in March, the German government acknowledged the intrusion by Russian-linked entities during a military meeting centered on providing military support to Ukraine.

“In the beginning of May 2024, Cisco identified vulnerabilities in Cisco Webex Meetings that were potentially utilized in targeted security exploration activities, allowing unauthorized entry to meeting data and metadata in Cisco Webex configurations for specific clients hosted in our Frankfurt data hub,” stated the advisory released by Cisco.

Experts speculate that cybercriminals exploited an insecure direct object reference (IDOR) flaw to infiltrate internal Webex meetings, enabling them to access meeting information, such as participants and subject matter, and eavesdrop on sensitive discussions despite the German government opting for an on-premises version of Webex.

It was also uncovered that certain meeting rooms utilized by high-ranking officials lacked password protection.

Cisco has now confirmed that the security flaw abused by state-affiliated actors has been remedied.

“These vulnerabilities have been rectified and a comprehensive solution has been globally enacted as of May 28, 2024,” the advisory continued.

Cisco informed affected customers about any noticeable attempts to infiltrate meeting information and metadata. Following the resolution of the vulnerabilities, there have been no further observed exploitation attempts. The company mentioned that the investigation is ongoing, with continuous monitoring for unauthorized activities and necessary updates provided through standard communication channels.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Germany)

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , , , ,

More Stories

Surge of OAuth Device Code Phishing Attacks Targets M365 Accounts

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

AndyC 20 December 2025
CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

AndyC 20 December 2025
ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

AndyC 20 December 2025
China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

AndyC 20 December 2025
Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

AndyC 19 December 2025
DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

AndyC 19 December 2025

You may have missed

Surge of OAuth Device Code Phishing Attacks Targets M365 Accounts

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

AndyC 20 December 2025
Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

AndyC 20 December 2025

Microsoft 365 accounts targeted in wave of OAuth phishing attacks

AndyC 20 December 2025
State-linked and criminal hackers use device code phishing against M365 users

State-linked and criminal hackers use device code phishing against M365 users

AndyC 20 December 2025
Three ways teams can tackle Iran’s tangled web of state-sponsored espionage

Three ways teams can tackle Iran’s tangled web of state-sponsored espionage

AndyC 20 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.