—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities

Advisory ID: cisco-sa-20181003-webex-rce

Revision: 1.0

For Public Release: 2018 October 3 16:00 GMT

Last Updated: 2018 October 3 16:00 GMT

CVE ID(s): CVE-2018-15408, CVE-2018-15409, CVE-2018-15410, CVE-2018-15411, CVE-2018-15412, CVE-2018-15413, CVE-2018-15415, CVE-2018-15416, CVE-2018-15417, CVE-2018-15418, CVE-2018-15419, CVE-2018-15420, CVE-2018-15431

CVSS Score v(3): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

+———————————————————————

Summary

=======

Multiple vulnerabilities in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.

The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbtOqzXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczgp8QAKTnNf9mXE/QSNtnIDNG+42XnYZ0
haitdS6VV07gL67tW5+GAoJiiwQfNTcSOVreBXnxdGCgS05H4hH3F3Ml2uNFnAtY
p0/BeEv3e2r9nER9Pw3D5xU4qlFWHSD+fm17l9OemI6MMaerWMOvhOT6T3mQwrPf
HxQeUtRg0i1lb6XfRB2svUOfXkB+W2cJYjT7jE5NhAWyPTEqTm/MmMgIehSE4pCJ
HAYSJImwSDZ7eju3FSHTeSgl6LmfsO27LmCmI6Mwt8YWPqukp0YChxPFEYjooj0C
JmNzwa2Kd+33Yif1rb2q6rFugracZ522OOxZtesRMBe6q2mktepT3sirvIWpzcpg
tJdRq6ptpMxiOzNhJlR7fmaKkAy/q2MB6+K6FG2ZlAf4+dkUn2nm+p3tCUyHHUMf
23Zqv3qIwMMm5SfVmvONEHcuDWwU58qppMAoXBYKN1rajw5eVOXW2gu43yEgfOv5
Jm4LQpnCA4S+W83ALos10THEC24UMZawqeGgsJn6DMKl9HpEP2WYGf1Y+8U9/8FG
4c8b/7XELV2ld6C2gyM9GVJ6Xej3Jccaq/BFL1NSgmUxeSWtVjeYzRJGxol46Xyx
flbNejnIZiIxWqKx8Eca/9SnSGtw8Ko/VlHhw7R36yW1jNGL1Ni06mrebFpq4shq
Zf68eBbHCu41eu+i
=BtSy
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com