PT-2018-13020 · Cisco+1 · Cisco Webex Network Recording Player+2
Published
2018-09-21
·
Updated
2019-10-09
·
CVE-2018-15414
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Webex Network Recording Player for Microsoft Windows (affected versions not specified)
Cisco Webex Player for Microsoft Windows (affected versions not specified)
Description
A vulnerability exists due to improper validation of Advanced Recording Format (ARF) and Webex Recording Format (WRF) files, allowing an attacker to execute arbitrary code on an affected system. An attacker could exploit this by sending a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file using the affected software.
Recommendations
For Cisco Webex Network Recording Player for Microsoft Windows, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Cisco Webex Player for Microsoft Windows, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Webex Network Recording Player
Cisco Webex Player
Windows