CiscoCISCO-SA-20180502-WARCisco WebEx Advanced Recording Format Remote Code Execution Vulnerability
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user.
An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the userβs system.
The Cisco WebEx players are applications that are used to play back WebEx meeting recordings that have been recorded by an online meeting attendee. The player can be installed automatically when a user accesses a recording file that is hosted on a WebEx server.
Cisco has updated affected versions of Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and the Cisco WebEx ARF Player to address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-war [βhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-warβ]
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | webex_player | any | cpe:2.3:a:cisco:webex_player:any:*:*:*:*:macos:*:* |
| cisco | webex_meetings_server | any | cpe:2.3:a:cisco:webex_meetings_server:any:*:*:*:*:*:*:* |
| cisco | webex_meetings | any | cpe:2.3:a:cisco:webex_meetings:any:*:*:*:*:*:*:* |
Related
