—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities

Advisory ID: cisco-sa-20190123-webex-rce

Revision: 1.1

For Public Release: 2019 January 23 16:00 GMT

Last Updated: 2019 January 30 20:17 GMT

CVE ID(s): CVE-2019-1637, CVE-2019-1638, CVE-2019-1639, CVE-2019-1640, CVE-2019-1641

CVSS Score v(3): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

+———————————————————————

Summary

=======

Multiple vulnerabilities in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.

The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJcUgfoXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczru8P/R9ZItJx6Y7kzrTWxS1uYSEjwKYC
8BeToEqR6Hx8a6hwRIzremAPrfimZPcK1nj3xnaKtwCJhFjOlHNlYnrQGGG0M3Ov
vTOnsiJbpxb9MMv/VXk2cSd+oy4REhxLte2BzlGijE0VBvcpWK2zEiHPNAYAIQ0f
II1yzytDKeX462w7nFMEELPp3xg7nOM+rB3Fjr7KO0Q3JXqQ8i8EthbvDWghSvML
vN0CCqs4h2e9JCpsjIqIk0f+cWUsV+FBfeG13jMNqySY4B6i+hEDT6XGfhddkqpe
hR8LaVRabdfgq629HXqWku1+gIMUfvzQwod/2AP/aLYkNUwR5rJiYj2ASje9ECvy
aIraGjLj1seYB8UqZLmdxHWCXpfF5KVRDPfvEkMQq3yrIpxoelHbG9MUpdrwTZkf
3j3YC3jz1LXv4QdDpQbuwI2Dy8Xuc7/ltTvHXRD9zE2vAarh1qc+QsGQgUIs96HT
qPJmVHrDKQW396sSjYbFVUJXlgTIHehy0Qc9fjMhyiUxDUJXBQQHSm0iYAEmw608
kiX/9a2IagUXlMnsVbH2Ompm59y+6osZ5HqP5PO/Bil+Wi9bO2GtorE0wiv7rqdv
cP+yP6tsmbzL6cou0oochsb0g86DovijUlOkc/PT4GLBiEHhwWJzzRqVmhiNLvpK
wwvwVpzi7oGaznTG
=rhd0
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com