Cisco Webex Services Single Sign-On Impersonation Vulnerability

A vulnerability exists in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services. This flaw could have allowed an unauthenticated, remote attacker to impersonate any user within the service. The issue arises from improper certificate validation, which could have been exploited by connecting to a service endpoint and supplying a crafted token. A successful exploit would have granted unauthorized access to legitimate Cisco Webex services.

Impact

Exploitation of this vulnerability could have led to unauthorized access to Cisco Webex services, allowing attackers to impersonate users.

Remediation

Cisco has fixed this vulnerability in the Webex service. Affected organizations using SSO integration must upload a new identity provider (IdP) SAML certificate to Control Hub. For more details, refer to the Webex help article on managing SSO integration in Control Hub.