Cisco Webex Flaw

The high-severity flaws, existing in Webex Player and Webex Network Recording Player, can allow arbitrary code execution.

Cisco Systems has patched two high-severity vulnerabilities in its popular Webex video conferencing platform, which, if exploited, could allow an attacker to execute code on affected systems.

Two multimedia players tied to the Webex platform are impacted. The first is the Cisco Webex Network Recording Player, used to play back Advanced Recording Format (ARF) files on the Windows operating system. ARF files contain data from a recorded online meeting, such as video data and a list of attendees. Also affected is Cisco Webex Player, which is used to play back Webex Recording Format (WRF) files on the Windows OS. WRF files contain audio and video recordings, typically used for demonstrations, training and conferencing.

The vulnerabilities (CVE-2020-3127 and CVE-2020-3128) both score 7.8 out of 10.0 on the CVSS scale, making them high-severity. They stem from insufficient validation of what Cisco described, without further detail, as “certain elements” within a Webex recording that is stored in either ARF or WRF, said Cisco.

While Cisco did not detail the technicalities of the vulnerabilities, it said in a Wednesday advisory that “an attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system.” The advisory added: “A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.”

Brian Gorenc, director of vulnerability research and head of Trend Micro’s ZDI program, told Threatpost that the flaw allows remote attackers to execute arbitrary code – but it does require user interaction.

Read More at Threatpost
