CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
93.0%
The Cisco WebEx Recording Format (WRF) player contains six buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user.
The Cisco WebEx WRF Player is an application used to play back WRF WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The Cisco WebEx WRF Player can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site. The Cisco WebEx WRF Player can also be manually installed for offline playback after downloading the application from http://www.webex.com/play-webex-recording.html[“http://www.webex.com/play-webex-recording.html”].
If the Cisco WebEx WRF Player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the Cisco WebEx WRF Player was manually installed, users will need to manually install a new version of the Cisco WebEx WRF Player after downloading the latest version from http://www.webex.com/play-webex-recording.html[“http://www.webex.com/play-webex-recording.html”].
Cisco has updated affected versions of the WebEx meeting sites and Cisco WebEx WRF Player to address these vulnerabilities.
This advisory is available at the following link:
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | webex_event_center | any | cpe:2.3:a:cisco:webex_event_center:any:*:*:*:*:*:*:* |
cisco | webex_meeting_center | any | cpe:2.3:a:cisco:webex_meeting_center:any:*:*:*:*:*:*:* |
cisco | webex_sales_center | any | cpe:2.3:a:cisco:webex_sales_center:any:*:*:*:*:*:*:* |
cisco | webex_support_center | any | cpe:2.3:a:cisco:webex_support_center:any:*:*:*:*:*:*:* |
cisco | webex_training_center | any | cpe:2.3:a:cisco:webex_training_center:any:*:*:*:*:*:*:* |