Vulnslist

find the latest Cisco vulnerabilities

Cisco WebEx Network Recording Player Denial of Service Vulnerability

cisco-sa-20171129-webex1 · Medium · Published · Updated

A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to open the file. A successful exploit could cause an affected player to crash, resulting in a DoS condition. Cisco WebEx players are applications that are used to play back WebEx meeting recordings that have been recorded by an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex1

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-12360
Cisco Bug IDsCSCve30294, CSCve30301
CVSS ScoreBase 4.3
Base 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X
Product Names From Source
Cisco WebEx WRF Player, Cisco Webex Meetings

Related Products

Product CVE Evidence
Cisco Webex Network Recording Player CVE-2017-12360 Cisco OpenVuln
Cisco Webex Meetings CVE-2017-12360 Cisco OpenVuln
Cisco WebEx WRF Player CVE-2017-12360 Cisco OpenVuln