Cisco cries foul over security flaw in Zoom Connector
.jpg)
Cisco slammed rival Zoom for a security lapse that left the management portals of many video devices exposed to the public internet. It's an unusually public spat between two of the industry's leading video conferencing providers.
The dispute revolves around Zoom Connector, a gateway that connects standards-based video devices to the Zoom cloud. In addition to providing a management portal for the hardware, the service makes it possible to join Zoom meetings with one click.
The Zoom Connector previously allowed anyone with the correct URL to access the admin portal for Cisco, Poly and Lifesize devices from the public internet without login credentials, according to Cisco. That would have let a hacker commandeer a company's video systems, potentially allowing them to eavesdrop on conference rooms.
Zoom released a patch last week that password-protected access to the control hub via those URLs. But in a blog post this week, Cisco said the quick fix did not go far enough, alerting customers that Zoom's connector service did not meet Cisco's security standards.
To create the connector, Zoom built a link between the Zoom cloud and a Cisco web server running within a corporate network, said Sri Srinivasan, general manager of Cisco's team collaboration group. The configuration provides a point of access to the endpoints that lies outside the network firewall.
"You don't want to have firewall settings open for a management interface of this sort, even [when] password-protected," Srinivasan said.
Similarly, in a statement Tuesday, Lifesize said it considered Zoom Connector an unauthorized integration "built in an inherently insecure way." However, the company concluded that the security flaw spotlighted by Cisco did not put customers in immediate risk.
In a statement Tuesday, Zoom said it considered the issue fully resolved. While insisting customers were safe, Zoom said it did advise companies to check device logs for unusual activity or unauthorized access.
Zoom added that it was not aware of any instances of hackers exploiting the vulnerability. The URLs necessary to access a device's management portal are long and complicated, similar to a link to a Google Doc or an unlisted YouTube video. Most likely, a hacker would have needed to first gain access to an admin's browser history to exploit the flaw.
Zoom has come under fire before for security shortfalls. Experts criticized the vendor in July for quietly installing a web server on Mac computers. The software left users vulnerable to being forcibly joined to a meeting with their video cameras turned on.
Cisco has raised issues with Zoom about the connector in the past, but only became aware of the URL vulnerability on Oct. 31, Srinivasan said. A customer who wished to remain anonymous reported the problem to Cisco and Zoom around the same time, he said. Zoom patched the issue on Nov. 19, one day after Cisco said it contacted the company about the problem.
Adding fuel to the fire, Zoom has been using the Cisco logo on its connector's admin portal. Cisco said this likely led customers to believe they were accessing a website supported by Cisco.
"This has been going on for a long, long time," Srinivasan said. "Now, we know better to make sure we check everything Zoom does."
But it seems unlikely Zoom will heed Cisco's directive to obtain certification of the service. The vendor has a financial stake in the matter, as it charges customers $499 per year, per port for Zoom Connector.
Zoom has emerged in recent years as perhaps Cisco's biggest competitor in the video conferencing market. Eric Yuan resigned as Cisco's vice president of engineering to start Zoom in 2011. Yuan was one of the chief architects of the Webex video conferencing software that Cisco acquired in 2007.
In the coming months, Cisco is planning to release a SIP-based integration for Zoom and other leading video conferencing providers. The technology would let users join third-party meetings with one click from a Cisco device.
Cisco already supports SIP-based interoperability. But taking advantage of it requires businesses to build an integration themselves or pay for a third-party service. Srinivasan said the forthcoming SIP integration would eliminate the need for a service like Zoom Connector
source searchunifiedcommunications
Industry: Unified Communications
Latest Jobs
-
- Technical Pre Sales Cybersecurity Consultant. Healthcare
- England
- N/A
-
Technical Pre Sales Cybersecurity Consultant UK Remote | Healthcare Focus Overview We are seeking an experienced Technical Pre Sales Cybersecurity Consultant to support healthcare organisations by delivering advisory, solution design, and security uplift services. This role focuses on improving security outcomes, addressing operational challenges, and enabling informed technology decisions across complex and regulated environments. The position blends technical pre sales expertise with a consultative approach, working closely with clinical, technical, and commercial stakeholders to shape effective cybersecurity solutions. The individual must be able to achieve UK Security Clearance. Key Responsibilities Provide technical pre sales support across cybersecurity solutions and services for healthcare organisations Engage stakeholders to understand security challenges, risks, and operational pain points Deliver advisory guidance and recommendations to strengthen security posture and resilience Translate customer requirements into clear, outcome focused technical and commercial solution designs Act as a trusted technical advisor throughout the sales and early delivery lifecycle Produce clear technical documentation, recommendations, and customer facing materials suitable for regulated environments Collaborate closely with sales, delivery, and technical teams to align solutions with customer needs Experience and Skills Proven experience in technical pre sales or cybersecurity consultancy Experience working within healthcare or other highly regulated sectors Broad knowledge of cybersecurity technologies, managed services, and risk based approaches Strong communication skills with the ability to engage both technical and non technical stakeholders Confident operating in a client facing, consultative role UK based role with remote working Occasional travel for customer engagement as required
-
- Contract Technical Pre Sales Cyber Security Healthcare. SC clearance needed
- England
- Outside IR35
-
Contract Technical Pre Sales Cyber Security Healthcare Outside IR35 Contract | UK Remote | Healthcare Focus Existing SC clearance is required. Overview Seeking an experienced Technical Pre Sales Cybersecurity Consultant is required to deliver advisory and uplift services across complex healthcare organisations. This Outside IR35 contract operates on a consultancy basis, focused on improving security outcomes, addressing operational pain points, and supporting informed Cyber Security decisions. The role combines deep technical pre sales capability with consultative advisory delivery, working across clinical, technical, and commercial stakeholders to shape effective and proportionate cybersecurity solutions. Responsibilities Provide technical pre sales consultancy across cybersecurity solutions and services within healthcare environments Engage senior stakeholders to understand security challenges, risks, and operational pain points Deliver advisory guidance and uplift recommendations to improve security posture, resilience, and maturity Translate healthcare requirements into clear, outcome focused technical and commercial propositions Act as a trusted technical advisor throughout the pre sales and early engagement lifecycle Produce concise technical documentation, recommendations, and advisory outputs suitable for regulated healthcare settings Experience Strong background in technical pre sales or cybersecurity consultancy Experience working with healthcare or other highly regulated environments Broad understanding of cybersecurity technologies, managed services, and risk based security approaches Ability to communicate complex technical concepts to both technical and non technical audiences Comfortable operating independently in a client facing advisory role
-
- London Sales Manager, Key Clients. Security. Immediate
- London
- N/A
-
London Sales Manager, Key Clients A senior sales leadership role within the cyber security services and technology market, focused on account development and revenue growth across key clients. You will lead a sales team with responsibility for customer retention, increasing share of wallet and maintaining a strong commercial pipeline. The role works closely with technical, delivery and marketing teams, as well as technology partners. Key focus Lead and coach a field based sales team Own forecasting, pipeline quality and revenue delivery Drive renewals and account development Expand customer investment across services and solutions Build relationships with vendors and partners Background Proven experience managing enterprise sales teams Consistent performance against revenue targets Cyber or IT security sales leadership experience Exposure to Palo Alto, Check Point, Microsoft, etc Commercially focused with a structured sales approach A role for a sales leader focused on long term client value and sustainable growth.
-
- Outside IR35 Functional tester - London - Security Cleared
- London
- Outside IR35
-
Outside IR35 Functional tester - London - Security Cleared Willing to undergo DV Clearance 3 days a week onsite. (London) We are looking for a Functional Test Specialist to support a complex technology programme where accuracy and delivery assurance matter. Key Focus Validate application behaviour and run functional test scenarios Identify risk, defects, and delivery issues early Define practical test approaches and environment needs Produce automated checks where appropriate Work closely with technical teams to agree acceptance criteria Report clearly on outcomes, defects, and risks Experience Needed Strong Microsoft stack exposure Experience supporting server or infrastructure migrations Solid functional testing background Comfortable working remotely onsite (London 3 days a week) Linux or container exposure Jira / Wiki Restricted or isolated environments A hands on role for someone who values clarity, ownership, and quality.