You are here
Home > Preporuke > Ranjivosti Cisco Webex Network Recording Player proizvoda

Ranjivosti Cisco Webex Network Recording Player proizvoda

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities

Advisory ID: cisco-sa-20180919-webex

Revision: 1.0

For Public Release: 2018 September 19 16:00 GMT

Last Updated: 2018 September 19 16:00 GMT

CVE ID(s): CVE-2018-15414, CVE-2018-15421, CVE-2018-15422

CVSS Score v(3): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

+———————————————————————

Summary

=======

Multiple vulnerabilities in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerabilities are due to improper validation of Webex recording files. An attacker could exploit this vulnerability by sending a user a link or email attachment containing a malicious file and persuading the user to open the file in the Cisco Webex Player. A successful exploit could allow the attacker to execute arbitrary code on an affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbonRJXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczleUP/A405ALuo6duQP4d3psY8986GvpA
nbJUfTwwKz3Mk925UjmaGiQfjGBCUIMZEL2j4bo/ioqzOxy919yMEXflaOkCa7ye
nyrl11my5Nd0nAsyxtRb2GzIQ6q8+dL45V8NY68pZFMFVJIEes458prtnLE8H42J
vMDE6Yh62EI44woYr/T/Oo93t+BvgFecPauLp3Gg7qbAtXDj1U1AKjY1B8QjaYp6
V+3Tw//kn02rOqzkNWVWggbP0GLUBBPnSHPTHWvpwI8YxC5xHnpphejux9+sN7Ss
vqdzkbY4Ac14Kkl1L7jV+Sr7RGA9ai7XWPfK9ku37SA7hs5BMf7681hjg8c4MZ8w
VxIOLhGoMlu+MHV0pIy33ilA++K7ukX+MADx4PbtLIeMmlAdKWbtI8+K2x2wjTQA
fgIwaZ9yPVTnG5Hn1Ry0/NNsUF8SvRdXvjX1Q4lREKKbLKn7Mk6Tt0B3voOoh0k2
12n4cH1JKqFN7rHYJvwuVDaOeWttYMMGnu/aOaHh/0rNZXtBlPOoZYpksTJj10FZ
6Sm/1xMp2jP8QL5U6qvQ0rIHXjIUU2dtld0XbQcRWw9FxRJNLDqogRWACn+Jo4tq
eeU3mVSFHxLMfcMrmgC4YrIP9vwFjNpDLlqEb0zjRkHEODOqH8C4EnDD2NFNYHIT
lMc19egRoYOxwUy5
=Ukq3
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorZvonimir Bosnjak
Cert idNCERT-REF-2018-09-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskih paketa lcms i lcms2

Otkriveni su sigurnosni nedostaci u programskim paketima lcms i lcms2 za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje...

Close