A vulnerability has been discovered in Cisco’s Webex conferencing application which allows meeting attendees to act as ‘ghosts’. The flaw (CVE-2020-3419) allows any member of the meeting to spy on potential company secrets being shared.
Attacks can be remote, but they would need to access the meeting before joining it, having the meetings ‘join’ links and passwords. This means that the flaw is only of medium severity, with Cisco giving it a 6.5 out of 10 ranking on the CVSS scale. Although, the flaw is still dangerous as a ‘ghost’ user can obtain information from a meeting, without other users being aware of their presence.