Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability
CVE-2020-3321

3.3LOW

Key Information:

Vendor: Cisco
Status: Cisco Webex Network Recording Player; Cisco Webex Player For Microsoft Windows
Vendor: CVE Published:; 3 June 2020

Summary

A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.

Affected Version(s)

Cisco Webex Network Recording Player < 3.0 MR3 Security Patch 2

Cisco Webex Network Recording Player < 4.0 MR3

Cisco Webex Player for Microsoft Windows < 3.0 MR3 Security Patch 2

References

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 3, 2020
Vulnerability Reserved
Dec 12, 2019

Credit

Cisco would like to thank Kexu Wang of Fortinet's FortiGuard Labs for reporting this vulnerability