Guest

Preview Tool

Cisco Bug: CSCvh72272 - Cisco Webex Network Recording Players Denial of Service Vulnerabilities

Last Modified

Feb 27, 2019

Products (1)

  • Cisco Webex Meetings Online

Known Affected Releases

T32.11

Description (partial)

<B>Symptom:</B>
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could cause an affected player to crash, resulting in a denial of service (DoS) condition.

The Cisco Webex players are applications that are used to play back Webex meetings that have been recorded by an online meeting attendee. The Webex Network Recording Player for .arf files can be automatically installed when the user accesses a recording that is hosted on a Webex server. The Webex Player for .wrf files can be downloaded manually.

There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-dos

<B>Conditions:</B>
These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites. The following versions of ARF and WRF recording players are affected:

* Cisco Webex Meetings Suite (WBS31) - Webex Network Recording Player and Webex Player versions prior to WBS31.23 
* Cisco Webex Meetings Suite (WBS32) - Webex Network Recording Player and Webex Player versions prior to WBS32.15 
* Cisco Webex Meetings Suite (WBS33) - Webex Network Recording Player and Webex Player versions prior to WBS33.2
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.