WebEx Security Vulnerability

Methods

phone email sms voicemail chatbot physical

Payloads

doc docx xls xlsx ppt pptx pdf hta exe bat zip xss csrf click-once phishing page ole drive-by-download usb drop cloud hosted file

Goals

cred harvest malware physical access info gather bec

Description

WebEx users and account administrators receive an email from "WebEx" with details of a new critical CVE (Common Vulnerabilities and Exposures) security flaw that requires immediate patching. The email is HTML-based and mimics the actual Cisco Security Advisory format (see link in the resources section below). In fact, attackers could use an actual security advisory in the email. The email also contains a link to review / fix the security vulnerability that requires users to first log into WebEx, thus providing the attacker an opportunity to harvest credentials.

Example Email(s)

Source: https://www.proofpoint.com/us/threat-insight/post/remote-video-conferencing-themes-credential-theft-and-malware-threats

Example Payload Ideas

PHISHING PAGE

Fake WebEx or Cisco VPN login page designed to capture user credentials.

Analysis

Cybersecurity is top of mind for many employees and IT administrators, especially in the age of large-scale remote working. Given all of the attention Zoom received in the spring of 2020 for Zoombombing, it would be reasonable to believe employees would pay extra attention to another teleconferencing service that might have security issues.