Cisco WebEx Meetings Host Calendar Download Vulnerability

A vulnerability in Cisco WebEx Meetings could allow an unauthenticated, remote attacker to access and download calendar files without authorization.

The vulnerability is due to inconsistent authorization checks. An attacker could exploit this vulnerability by enumerating scheduled meetings and downloading the host calendar for each meeting.

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, an attacker must first be able to enumerate scheduled meetings from a targeted device, making exploitation more difficult in environments that restrict network access from untrusted sources.