Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability

cisco-sa-20180502-webex-rce · Medium · Published · Updated

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to a design flaw in the affected software. An attacker could exploit this vulnerability by sending a user an email attachment or link to a malicious ARF file and persuading the user to open the file or follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user’s system. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-rce

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability. However, it is possible to remove all Cisco WebEx software completely from a system by using the Meeting Services Removal Tool (for Microsoft Windows) or the Mac WebEx Meeting Application Uninstaller (for Apple Mac OS X), both of which are available for download from the Cisco Collaboration Help article at https://collaborationhelp.cisco.com/article/en-us/WBX000026396 ["https://collaborationhelp.cisco.com/article/en-us/WBX000026396"].

Removal of Cisco WebEx software from a Linux or UNIX-based system can be accomplished by following the steps in the Cisco Collaboration Help article at https://collaborationhelp.cisco.com/article/en-us/WBX28548 ["https://collaborationhelp.cisco.com/article/en-us/WBX28548"].

CVEsCVE-2018-0287
Cisco Bug IDsCSCvh70228, CSCvh70213, CSCvh70222
CVSS ScoreBase 6.5
Base 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco WebEx ARF Player, Cisco WebEx Meetings Server, Cisco Webex Meetings

Related Products

Product CVE Evidence
Cisco Webex Meetings CVE-2018-0287 Cisco OpenVuln
Cisco WebEx Meetings Server CVE-2018-0287 Cisco OpenVuln
Cisco WebEx ARF Player CVE-2018-0287 Cisco OpenVuln