cisco-sa-20171129-webex-players

Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players

cisco-sa-20171129-webex-players · Critical · Published 8 years ago · Updated 8 years ago

Multiple vulnerabilities exist in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit these vulnerabilities by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. The Cisco WebEx players are applications that are used to play back WebEx meeting recordings that have been recorded by an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. Cisco has updated affected versions of the Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF and WRF Players to address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities. However, it is possible to remove all WebEx software completely from a system using the Meeting Services Removal Tool (for Microsoft Windows users) or Mac WebEx Meeting Application Uninstaller (for Apple Mac OS X users) available for download from the Cisco Collaboration Help for Cisco Spark, WebEx, and Jabber article at https://collaborationhelp.cisco.com/article/en-us/WBX000026396 ["https://collaborationhelp.cisco.com/article/en-us/WBX000026396"].

Removal of the WebEx software from a Linux or UNIX-based system can be accomplished by following the steps in the Cisco Collaboration Help for Cisco Spark, WebEx, and Jabber article: https://collaborationhelp.cisco.com/article/en-us/WBX28548 ["https://collaborationhelp.cisco.com/article/en-us/WBX28548"].

CVEs	CVE-2017-12367, CVE-2017-12368, CVE-2017-12369, CVE-2017-12370, CVE-2017-12371, CVE-2017-12372
Cisco Bug IDs	CSCve02843, CSCve10584, CSCve10591, CSCve10658, CSCve10744, CSCve10749, CSCve10762, CSCve10764, CSCve11503, CSCve11507, CSCve11532, CSCve11538, CSCve11545, CSCve11548, CSCve30208, CSCve30214, CSCve30268, CSCvf38060, CSCvf38077, CSCvf38084, CSCvf49650, CSCvf49697, CSCvf49707, CSCvf57234, CSCvg54836, CSCvg54843, CSCvg54850, CSCvg54853, CSCvg54856, CSCvg54861, CSCvg54867, CSCvg54868, CSCvg54870
CVSS Score	Base 8.8 Base 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X Base 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:X/RL:X/RC:X Base 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:X/RL:X/RC:X Base 9.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:X/RL:X/RC:X Base 8.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source	Cisco WebEx WRF Player, Cisco WebEx Meeting Center, Cisco WebEx ARF Player, Cisco WebEx Meetings Server, Cisco Webex Meetings

Related Products

Product	CVE	Evidence
Cisco Webex Network Recording Player	CVE-2017-12372	Cisco OpenVuln
Cisco Webex Network Recording Player	CVE-2017-12371	Cisco OpenVuln
Cisco Webex Network Recording Player	CVE-2017-12370	Cisco OpenVuln
Cisco Webex Network Recording Player	CVE-2017-12369	Cisco OpenVuln
Cisco Webex Network Recording Player	CVE-2017-12368	Cisco OpenVuln
Cisco Webex Network Recording Player	CVE-2017-12367	Cisco OpenVuln
Cisco Webex Meetings	CVE-2017-12372	Cisco OpenVuln
Cisco Webex Meetings	CVE-2017-12371	Cisco OpenVuln
Cisco Webex Meetings	CVE-2017-12370	Cisco OpenVuln
Cisco Webex Meetings	CVE-2017-12369	Cisco OpenVuln
Cisco Webex Meetings	CVE-2017-12368	Cisco OpenVuln
Cisco Webex Meetings	CVE-2017-12367	Cisco OpenVuln
Cisco WebEx WRF Player	CVE-2017-12372	Cisco OpenVuln
Cisco WebEx WRF Player	CVE-2017-12371	Cisco OpenVuln
Cisco WebEx WRF Player	CVE-2017-12370	Cisco OpenVuln
Cisco WebEx WRF Player	CVE-2017-12369	Cisco OpenVuln
Cisco WebEx WRF Player	CVE-2017-12368	Cisco OpenVuln
Cisco WebEx WRF Player	CVE-2017-12367	Cisco OpenVuln
Cisco WebEx Meetings Server	CVE-2017-12372	Cisco OpenVuln
Cisco WebEx Meetings Server	CVE-2017-12371	Cisco OpenVuln
Cisco WebEx Meetings Server	CVE-2017-12370	Cisco OpenVuln
Cisco WebEx Meetings Server	CVE-2017-12369	Cisco OpenVuln
Cisco WebEx Meetings Server	CVE-2017-12368	Cisco OpenVuln
Cisco WebEx Meetings Server	CVE-2017-12367	Cisco OpenVuln
Cisco WebEx Meeting Center	CVE-2017-12372	Cisco OpenVuln
Cisco WebEx Meeting Center	CVE-2017-12371	Cisco OpenVuln
Cisco WebEx Meeting Center	CVE-2017-12370	Cisco OpenVuln
Cisco WebEx Meeting Center	CVE-2017-12369	Cisco OpenVuln
Cisco WebEx Meeting Center	CVE-2017-12368	Cisco OpenVuln
Cisco WebEx Meeting Center	CVE-2017-12367	Cisco OpenVuln
Cisco WebEx ARF Player	CVE-2017-12372	Cisco OpenVuln
Cisco WebEx ARF Player	CVE-2017-12371	Cisco OpenVuln
Cisco WebEx ARF Player	CVE-2017-12370	Cisco OpenVuln
Cisco WebEx ARF Player	CVE-2017-12369	Cisco OpenVuln
Cisco WebEx ARF Player	CVE-2017-12368	Cisco OpenVuln
Cisco WebEx ARF Player	CVE-2017-12367	Cisco OpenVuln

Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players

Workarounds

Related Products