Arbitrary Code Execution Vulnerability in Cisco WebEx Network Recording Player
CVE-2018-0104

9.6CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Webex Advanced Recording Format Player
Vendor: CVE Published:; 4 January 2018

Summary

A vulnerability exists in the Cisco WebEx Network Recording Player related to the handling of Advanced Recording Format (ARF) files. An attacker can exploit this issue by sending a malicious link or email attachment to the user, encouraging them to open the ARF file. If successful, the malicious file could allow the attacker to execute arbitrary code on the user's machine. This vulnerability potentially compromises the security of systems using Cisco WebEx Business Suite, Meetings sites, Meetings Server, and ARF players, emphasizing the importance of vigilant security practices.

Affected Version(s)

Cisco WebEx Advanced Recording Format Player Cisco WebEx Advanced Recording Format Player

References

http://www.securityfocus.com/bid/102382

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 4, 2018
Vulnerability Reserved
Nov 27, 2017