Guest

Preview Tool

Cisco Bug: CSCvh85453 - Cisco WebEx Advanced Recording Format Remote Code Execution Vulnerability

Last Modified

Jun 29, 2018

Products (1)

  • Cisco Webex Meetings Server

Known Affected Releases

2.7 2.8 3.0

Description (partial)

Symptom:
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system.

The Cisco WebEx players are applications that are used to play back WebEx meeting recordings that have been recorded by an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server.

Conditions:
This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. The following client builds of Cisco WebEx Business Suite (WBS31 and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected by at least the vulnerability described in this advisory:

* Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4
* Cisco WebEx Business Suite (WBS32) client builds prior to T32.12
* Cisco WebEx Meetings with client builds prior to T32.12
* Cisco WebEx Meeting Server builds prior to 3.0 Patch 1
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.