Guest

Preview Tool

Cisco Bug: CSCvs98259 - Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service

Last Modified

Jun 03, 2020

Products (1)

  • Cisco Webex Meetings Server

Known Affected Releases

4.0

Description (partial)

Symptom:
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system.

The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.

Cisco has released software updates that address this vulnerability.

Conditions:
This vulnerability affects the following releases of Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows, which are available from Cisco Webex Meetings Server sites:

At the time of publication, this vulnerability affected Cisco Webex Meetings Server, Webex Network Recording Player, and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3.

At the time of publication, Cisco Webex Meetings Server, Webex Network Recording Player, and Webex Player Releases 3.0 MR3 Security Patch 2, 4.0 MR3, and later contained the fix for this vulnerability.

To determine which release of Cisco Webex Network Recording Player or Cisco Webex Player is installed on a system, open the player and choose Help > About.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.