CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.4%
The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user.
The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site. The players can also be manually installed for offline playback after downloading the application from www.webex.com[βhttp://www.webex.com/β].
If the WRF player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the WRF player was manually installed, users will need to manually install a new version of the player after downloading the latest version from www.webex.com[βhttp://www.webex.com/β].
Cisco has updated affected versions of the WebEx meeting sites and WRF player to address these vulnerabilities.
This advisory is available at the following link:
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | webex_event_center | any | cpe:2.3:a:cisco:webex_event_center:any:*:*:*:*:*:*:* |
cisco | webex_meeting_center | any | cpe:2.3:a:cisco:webex_meeting_center:any:*:*:*:*:*:*:* |
cisco | webex_support_center | any | cpe:2.3:a:cisco:webex_support_center:any:*:*:*:*:*:*:* |
cisco | webex_training_center | any | cpe:2.3:a:cisco:webex_training_center:any:*:*:*:*:*:*:* |