Cisco WebEx Recording Format Player Information Disclosure Vulnerability

2018-05-0216:00:00

tools.cisco.com

EPSS

0.011

Percentile

84.9%

JSON

A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks.

The vulnerability is due to a design flaw in Cisco WRF Player. An attacker could exploit this vulnerability by utilizing a maliciously crafted file that could bypass checks in the code and enable an attacker to read memory from outside the bounds of the mapped file.

There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-id [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-id”]

Affected configurations

Vulners

Node

ciscowebex_wrf_player_t29Matchany

ciscowebex_meetingsMatchany

ciscowebex_wrf_player_t29Matchany

ciscowebex_meetingsMatchany

VendorProductVersionCPE
ciscowebex_wrf_player_t29anycpe:2.3:a:cisco:webex_wrf_player_t29:any:*:*:*:*:*:*:*
ciscowebex_meetingsanycpe:2.3:a:cisco:webex_meetings:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	webex_wrf_player_t29	any	cpe:2.3:a:cisco:webex_wrf_player_t29:any:::::::*
cisco	webex_meetings	any	cpe:2.3:a:cisco:webex_meetings:any:::::::*