[ALERT] ADVISORY ON CISCO WEBEX VULNERABILITIES

BACKGROUND
Three high-severity security update patches for Cisco appliances have been released. They affect Webex Teams for Windows (CVE-2020-3535), the Identity Services Engine (CVE-2020-3467), and Video Surveillance 8000 Series IP Cameras (CVE-2020-3544).

IMPACT
CVE-2020-3467
Allows the attacker to modify parts of the configuration using an authenticated user account. The modified configuration could either allow unauthorized devices onto the network or prevent authorized devices from accessing the network.

CVE-2020-3535
Allows the attacker to execute arbitrary code on the targeted system using valid credentials from the authenticated user.

CVE-2020-3544
Allows the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.

 
AFFECTED VERSION
CVE-2020-3467
Cisco Identity Services Engine (ISE) versions 2.3, 2.4, 2.5, 2.6 and 2.7.

CVE-2020-3535
Cisco Webex Teams for Windows releases 3.0.13464.0 through 3.0.16040.0.

CVE-2020-3544
Cisco Video Surveillance 8000 Series IP Cameras, if they are running a firmware release earlier than Release 1.0.9-5 and have the Cisco Discovery Protocol enabled.
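
The affected-version criteria above can be applied to an asset inventory as follows. This is an added example, not Cisco's code or part of the original advisory; the inventory record layout, product labels, host names and sample version strings are constructed, and an unknown CDP state is assumed to mean enabled.

```python
import re

# Affected ranges exactly as stated in this advisory.
ISE_AFFECTED = {"2.3", "2.4", "2.5", "2.6", "2.7"}
WEBEX_FIRST, WEBEX_LAST = (3, 0, 13464, 0), (3, 0, 16040, 0)
CAMERA_FIXED = (1, 0, 9, 5)  # firmware Release 1.0.9-5

def parse_version(text):
    """Split '3.0.15000.0' or '1.0.9-5' into a tuple of ints for comparison."""
    parts = re.split(r"[.\-]", text.strip())
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def affected_cve(asset):
    """Return the CVE from this advisory that applies to the asset, else None."""
    v = parse_version(asset["version"])
    if asset["product"] == "ise":
        # Fixed patch levels are not on this page, so any listed release
        # train is flagged for review against Cisco's fixed-release table.
        train = ".".join(str(n) for n in v[:2])
        return "CVE-2020-3467" if train in ISE_AFFECTED else None
    if asset["product"] == "webex-teams-windows":
        return "CVE-2020-3535" if WEBEX_FIRST <= v <= WEBEX_LAST else None
    if asset["product"] == "vs8000-camera":
        # Both conditions must hold: old firmware AND CDP enabled.
        # Assumption: a missing cdp_enabled field is treated as enabled.
        cdp = asset.get("cdp_enabled", True)
        return "CVE-2020-3544" if v < CAMERA_FIXED and cdp else None
    return None

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    {"host": "ise-01", "product": "ise", "version": "2.4.0.357"},
    {"host": "pc-114", "product": "webex-teams-windows", "version": "3.0.15000.0"},
    {"host": "pc-115", "product": "webex-teams-windows", "version": "3.0.16269.0"},
    {"host": "cam-07", "product": "vs8000-camera", "version": "1.0.8-2", "cdp_enabled": True},
    {"host": "cam-08", "product": "vs8000-camera", "version": "1.0.8-2", "cdp_enabled": False},
    {"host": "cam-09", "product": "vs8000-camera", "version": "1.0.9-5", "cdp_enabled": True},
]

def triage(inventory):
    return {a["host"]: affected_cve(a) for a in inventory}

if __name__ == "__main__":
    for host, cve in triage(INVENTORY).items():
        print(f"{host}: {cve or 'not affected per this advisory'}")
```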

RECOMMENDATIONS
CVE-2020-3467
Upgrade to an appropriate fixed software release as indicated below:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-uJWqLTZM#fs

CVE-2020-3535
Update the Cisco Webex Teams App to the latest version.
For information about updating the client, see the Update the Cisco Webex Teams App to the Latest Release help article.
https://help.webex.com/en-us/mqkve8/Webex-Teams-Release-Notes#sprk_1966498

CVE-2020-3544
To download the firmware from the Software Center (https://software.cisco.com/download/home) on Cisco.com, do the following:

  • Click Browse all.
  • Choose Connected Safety and Security > Video Surveillance IP Cameras > Video Surveillance 8000 Series IP Cameras.
  • Choose the appropriate IP camera model.
  • Click Video Surveillance 8000 Series IP Camera Firmware.
  • Choose a release from the left pane of the product page.