Cisco Bug: CSCvs98270 - Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service
Jun 03, 2020
- Cisco Webex Meetings Online
Known Affected Releases
Symptom: A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. Cisco has released software updates that address this vulnerability. Conditions: This vulnerability affects the following releases of Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows, which are available from Cisco Webex Meetings sites: At the time of publication, this vulnerability affected Cisco Webex Meetings, Webex Network Recording Player, and Webex Player releases earlier than Releases WBS 39.5.19 or WBS 40.4.0 At the time of publication, Cisco Webex Meetings, Webex Network Recording Player, and Webex Player Releases WBS 39.5.19 or WBS 40.4.0 and later contained the fix for this vulnerability. To determine which release of Cisco Webex Network Recording Player or Cisco Webex Player is installed on a system, open the player and choose Help > About.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases