Remote Code Execution Vulnerability in Cisco WebEx Products
CVE-2018-0287

8.8HIGH

Key Information:

Vendor
Cisco
Status
Cisco Webex Advanced Recording Format Player
Vendor
CVE Published:
2 May 2018

Summary

The Cisco WebEx Network Recording Player contains a vulnerability that can potentially allow an unauthenticated remote attacker to execute arbitrary code by exploiting a design flaw. By sending a malicious Advanced Recording Format (ARF) file through email or links, the attacker can persuade users to open the file, leading to unauthorized execution on their systems. This affects several WebEx products, highlighting the need for vigilance and prompt updates to mitigate the risks associated.

Affected Version(s)

Cisco WebEx Advanced Recording Format Player Cisco WebEx Advanced Recording Format Player

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104128
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040824
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.