Cisco Webex Meetings Meeting Information and Metadata Issue June 2024

In May 2024, Cisco discovered and patched bugs in Cisco Webex Meetings that allowed unauthorized access to meeting information for certain customers. The issue was resolved on May 28th, 2024. Cisco notified affected customers based on access logs available from May 6th, 2024. The investigation revealed that the same actor obtained a larger dataset of meeting data prior to May 6th, 2024. Some customers experienced successful PSTN dial-in attempts using the retrieved meeting data. Cisco recommends customers enable passcodes for PSTN dial-ins and verify that the lobby feature is enabled for Personal Meeting Rooms. Customers should review meeting information obtained before May 28th, 2024, and assess the risk. Cisco encourages customers to monitor support channels for further updates and use them for inquiries. Cisco welcomes collaboration with customers and the security community to enhance industry security. For support with security concerns, customers can contact the Cisco Technical Assistance Center (TAC). The security impact rating is informational.