Multiple Vulnerabilities in Cisco Webex Recording Players for ARF and WRF Files
CVE-2018-0380

5.5MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Webex Network Recording Players Unknown
Vendor
CVE Published:
18 July 2018

Summary

Multiple vulnerabilities are found in the Cisco Webex Network Recording Player when handling Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. These vulnerabilities could be exploited by attackers who send a user a malicious .arf or .wrf file through email or a URL, tricking them into opening it in the Webex recording players. Such exploitation can cause the player to crash, leading to a denial of service (DoS) condition. The Webex Network Recording Player for ARF files may automatically install when users access a recording on a Webex server, while WRF players need to be downloaded manually. These vulnerabilities affect multiple Webex products, including those hosted on Cisco Webex Meetings Suite, Online, and Server.

Affected Version(s)

Cisco Webex Network Recording Players unknown Cisco Webex Network Recording Players unknown

References

http://www.securityfocus.com/bid/104880
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041351
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.