Home > Research > Cisco Suffers Security Flaw With Zoom Interoperability

Cisco Suffers Security Flaw With Zoom Interoperability

On October 31, 2019, Cisco was notified of a security risk with the Zoom Connector for Cisco. Access for the Zoom Connector for Cisco hosted on zoom.us did not require authentication, allowing external users to join a Zoom meeting without password credentials.

Furthermore, Zoom’s landing page copied Cisco’s landing page, misleading users into thinking they were on a secure Cisco webpage.

Cisco named three major security problems that resulted from this incident:

  • The Zoom URL did not require credentials.
  • Zoom exposed Cisco Webex Devices to administrative exposure by placing itself between the user and the Cisco interface.
  • The Zoom URL did not get revoked if the administration password was changed.

Source: Web Conferencing at SoftwareReviews. Accessed November 11, 2019

Our Take

Cisco’s announcement of this security issue beat the press to the fold. The result is that Cisco has been able to shape the narrative of this incident – and it doesn’t portray Zoom in a good light. Given Zoom’s security problem earlier this year, which saw an exposure in Zoom’s APIs for Webex, Cisco is losing patience.

Sri Srinivasan, SVP and GM for the Team Collaboration Group at Cisco, issued this stark statement: “We [Cisco] would like them [Zoom] to take additional steps to use our supported APIs and work with us to certify the solution so that we can secure our mutual customers effectively.”

Yet in a competitive collaboration marketplace, the harsh reality is that Cisco and Zoom need to ensure interoperability. Microsoft’s Teams offering is making serious traction in this space, and Cisco and Zoom cannot afford to lose out on users due to security problems.

However, Cisco’s public statement will be a jolt to Zoom, who will be left to suffer by themselves if their security issues are not resolved. After all, as Srinivasan continued, though interoperability is convenient, it “comes with zero compromises on security and data integrity.” Abandoning Zoom may not be attractive, but it would certainly limit the fallout if Zoom’s security problems become more frequent.


Want to Know More?

Apple Rushes to Fix Zoom Security Flaw

SoftwareReviews: Zoom Scorecard

SoftwareReviews: Cisco Webex Meetings Scorecard