Vulnslist

find the latest Cisco vulnerabilities

Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities

cisco-sa-20180919-webex · High · Published · Updated

Multiple vulnerabilities in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerabilities are due to improper validation of Webex recording files. An attacker could exploit these vulnerabilities by sending a user a link or email attachment containing a malicious file and persuading the user to open the file in the Cisco Webex Player. A successful exploit could allow the attacker to execute arbitrary code on an affected system. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex

Workarounds

There are no workarounds that address these vulnerabilities. However, it is possible to remove the affected Cisco Webex Network Recording Player and Cisco Webex Player by following the uninstall procedure for the operating system. For example, in Windows, use Add or Remove Programs to uninstall the affected players.

To remove Webex software completely from a system, use the Meeting Services Removal Tool (for Microsoft Windows users) or Mac Webex Meeting Application Uninstaller (for Apple Mac OS X users), available for download from the Cisco Collaboration Help article Cisco WebEx and 3rd Party Support Utilities: https://collaborationhelp.cisco.com/article/en-us/WBX000026396

Removal of the Webex software from a Linux or UNIX-based system can be accomplished by following the steps in the Cisco Collaboration Help article How Do I Uninstall WebEx Software on a Linux or Unix Based System? https://collaborationhelp.cisco.com/article/en-us/WBX28548

CVEs: CVE-2018-15414, CVE-2018-15421, CVE-2018-15422
Cisco Bug IDs: CSCvj67334, CSCvj67339, CSCvj67344, CSCvj63717, CSCvj63724, CSCvj63729, CSCvj63665, CSCvj63672, CSCvj63676
CVSS Score: Base 7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X)
Product Names From Source: Cisco WebEx ARF Player

Related Products

Product | CVE | Evidence
Cisco Webex Network Recording Player | CVE-2018-15422 | Cisco OpenVuln
Cisco Webex Network Recording Player | CVE-2018-15421 | Cisco OpenVuln
Cisco Webex Network Recording Player | CVE-2018-15414 | Cisco OpenVuln
Cisco WebEx ARF Player | CVE-2018-15422 | Cisco OpenVuln
Cisco WebEx ARF Player | CVE-2018-15421 | Cisco OpenVuln
Cisco WebEx ARF Player | CVE-2018-15414 | Cisco OpenVuln