CVE-2018-0104

Name of the Vulnerable Software and Affected Versions: Cisco WebEx Meetings Server (affected versions not specified) Cisco WebEx Meetings (affected versions not specified) Cisco WebEx Business Suite (affected versions not specified) Cisco WebEx Network Recording Player (affected versions not specified)

Description: The issue is related to insufficient input validation, allowing a remote attacker to execute arbitrary code by using a specially crafted Advanced Recording Format (ARF) file. An attacker could exploit this by sending a malicious ARF file to a user via a link or email attachment and persuading the user to open it. Successful exploitation could allow the attacker to execute arbitrary code on the user's system.

Recommendations: For Cisco WebEx Meetings Server, update to a version that includes the fix for this issue. For Cisco WebEx Meetings, update to a version that includes the fix for this issue. For Cisco WebEx Business Suite, update to a version that includes the fix for this issue. For Cisco WebEx Network Recording Player, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of ARF files until a patch is available. Avoid opening suspicious ARF files from untrusted sources to minimize the risk of exploitation.