Cisco Patches Remote Code Execution Vulnerability

Remote code execution vulnerabilities found in the Cisco Webex Network Recording Player could allow an attacker to gain control of the target system.

Multiple vulnerabilities found in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. According to the Cisco Security Advisory:

The vulnerabilities are due to improper validation of Webex recording files. An attacker could exploit these vulnerabilities by sending a malicious link or email attachment and using social engineering techniques to persuade the user to open the file in the Cisco Webex Player. A successful exploit could allow the attacker to execute arbitrary code on an affected system.

Cisco Webex

Cisco Webex Meeting services can be configured to allow recording of a meeting that is stored online and can be downloaded by a user in ARF format. These services can also record meetings directly on local computers in WRF format. The Cisco Webex Network Recording Player plays .arf files and the Cisco Webex Player plays .wrf files.

The Network Recording Player can be installed automatically when a user accesses a recording file that is hosted on a Cisco Webex Meetings Suite site (for streaming playback mode). The Cisco Webex Network Recording Player can also be installed manually. The Cisco Webex Player can only be manually installed from the Webex site.

Vulnerable Products

These vulnerabilities affect ARF recording players available from Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server. The following versions of ARF recording players are affected:

  • Cisco Webex Meetings Suite (WBS32) – Webex Network Recording Player versions prior to WBS32.15.10
  • Cisco Webex Meetings Suite (WBS33) – Webex Network Recording Player versions prior to WBS33.3
  • Cisco Webex Meetings Online – Webex Network Recording Player versions prior to 1.3.37
  • Cisco Webex Meetings Server – Webex Network Recording Player versions prior to 3.0MR2

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Fixed Releases

The following versions of the Cisco Webex Network Recording Player available from the Cisco Webex Meetings Suite sites (WBS32, WBS33), Cisco Webex Meetings Online site, and Cisco Webex Meetings Server address all the vulnerabilities described in this advisory:

  • Cisco Webex Meetings Suite (WBS32) – Cisco Webex Network Recording Player versions WBS32.15.10 and later.
  • Cisco Webex Meetings Suite (WBS33) – Cisco Webex Network Recording Player versions WBS33.3 and later.
  • Cisco Webex Meetings Online – Webex Network Recording Player versions 1.3.37 and later.
  • Cisco Webex Meetings Server – Webex Network Recording Player versions 3.0MR2 and later.
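
As an added example (not from Cisco or from the original article), the following Python script checks an inventory of installed player versions against the fixed releases listed above. The inventory rows, the short product labels, and the rule that a release without an MR suffix sorts before MR1 are assumptions.

```python
import re

# Fixed releases exactly as listed in the article, keyed by product line.
# The short keys ("WBS32", "Online", ...) are labels chosen for this example.
FIXED = {"WBS32": "WBS32.15.10", "WBS33": "WBS33.3",
         "Online": "1.3.37", "Server": "3.0MR2"}

def parse_version(text):
    """Map 'WBS32.15.10', '1.3.37' or '3.0MR2' to a comparable tuple.

    Assumptions: an optional 'WBS' prefix, dotted integers, and an optional
    'MR<n>' suffix; a release without the suffix sorts before MR1.
    """
    m = re.fullmatch(r"(?:WBS)?(\d+(?:\.\d+)*)(?:MR(\d+))?", text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    while len(nums) > 1 and nums[-1] == 0:   # treat 3.0 and 3 as equal
        nums.pop()
    return tuple(nums), int(m.group(2) or 0)

def is_vulnerable(product, version):
    """True when the player version is older than the fixed release."""
    fixed = parse_version(FIXED[product])
    found = parse_version(version)
    # A WBS33 build reported for a WBS32 site is an inventory error, not a pass.
    if product.startswith("WBS") and found[0][0] != fixed[0][0]:
        raise ValueError(f"{version!r} is not a {product} release")
    return found < fixed

def triage(inventory):
    """Return (host, product, version, status) for each inventory row."""
    report = []
    for host, product, version in inventory:
        try:
            status = "VULNERABLE" if is_vulnerable(product, version) else "fixed"
        except (KeyError, ValueError):
            status = "review"            # unknown product or odd version string
        report.append((host, product, version, status))
    return report

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [("pc-01", "WBS32", "WBS32.15.9"), ("pc-02", "WBS33", "WBS33.3"),
          ("pc-03", "Online", "1.3.36"), ("srv-01", "Server", "3.0MR1"),
          ("srv-02", "Server", "3.0MR2"), ("pc-04", "WBS32", "WBS33.1"),
          ("pc-05", "Online", "unknown")]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

Rows marked "review" could not be compared automatically and need a manual look rather than being counted as patched.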

You can use third-party software to protect Cisco Webex utilities.
