Guest

Preview Tool

Cisco Bug: CSCvh72281 - Cisco Webex Network Recording Players Denial of Service Vulnerabilities

Last Modified

May 22, 2019

Products (1)

  • Cisco Webex Meetings Server

Known Affected Releases

T30

Description (partial)

<B>Symptom:</B>
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could cause an affected player to crash, resulting in a denial of service (DoS) condition.

The Cisco Webex players are applications that are used to play back Webex meetings that have been recorded by an online meeting attendee. The Webex Network Recording Player for .arf files can be automatically installed when the user accesses a recording that is hosted on a Webex server. The Webex Player for .wrf files can be downloaded manually.

There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-dos

<B>Conditions:</B>
These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Server. The following versions of ARF and WRF recording players are affected:

* Cisco Webex Meetings Server - Webex Network Recording Player versions prior to 3.0MR1
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.