An attacker could exploit the vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file. Multiple vulnerabilities exist due to an insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recording Format (WRF).Details of the vulnerabilities are as follows: Multiple vulnerabilities have been discovered in Cisco Webex Network Recording Player and Cisco Webex Player that could allow for arbitrary code execution with the privileges of the targeted user. Large and medium business entities: HIGH.Large and medium government entities: HIGH.Cisco Webex Network Recording Player versions prior to 41.4 on Windows and MacOS (CVE-2021-1502).Cisco Webex Player versions prior to 41.4 on Windows and MacOS (CVE-2021-1502).Cisco Webex Network Recording Player versions prior to 41.2 on Windows and MacOS (CVE-2021-1503).Cisco Webex Player versions prior to 41.2 on Windows and MacOS (CVE-2021-1503).There are currently no reports of this vulnerability being exploited in the wild. Users configured to have fewer privileges on the system could be less impacted than those who operate with elevated privileges. Depending on the privileges associated with the targeted user, an attacker could then install programs view, change, or delete data or create new accounts with full user rights. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems with the privileges of the targeted user. The Webex Player is an application that is used to play back and edit recorded Webex meeting files. The Webex Network Recording Player is an application that is used to convert Webex recording files to standard formats such as Windows Media Video, Flash or MP4. The Webex meeting service is a hosted multimedia conferencing solution that is managed and maintained by Cisco Webex. Multiple vulnerabilities have been discovered in Cisco Webex Network Recording Player and Cisco Webex Player that could allow for arbitrary code execution. Multiple Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player Could Allow for Arbitrary Code Execution MS-ISAC ADVISORY NUMBER:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |