Remote Code Execution Vulnerability in Cisco WebEx Network Recording Player
CVE-2017-12368

9.6CRITICAL

Key Information:

Vendor
Cisco
Status
Cisco Webex Recording Format And Advanced Recording Format Players
Vendor
CVE Published:
30 November 2017

Summary

A vulnerability exists in the Cisco WebEx Network Recording Player that allows remote code execution when handling malicious Advanced Recording Format (ARF) or WebEx Recording Format (WRF) files. An attacker can exploit this vulnerability by persuading a user to open a specially crafted ARF or WRF file, which may lead to a crash of the player or potentially enable the execution of arbitrary code on the targeted user's system. This highlights the importance of vigilance and user awareness, as protection against such attacks relies on careful handling of seemingly innocuous files.

Affected Version(s)

Cisco WebEx Recording Format and Advanced Recording Format Players Cisco WebEx Recording Format and Advanced Recording Format Players

References

http://www.securityfocus.com/bid/102017
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039895
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.