PT-2018-8728 · Cisco · Cisco Webex Arf Player+4
Published
2018-05-02
·
Updated
2019-10-09
·
CVE-2018-0287
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Cisco WebEx Network Recording Player (affected versions not specified)
Description:
A design flaw in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The attacker could exploit this by sending a user an email attachment or link to a malicious ARF file and persuading the user to open the file or follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. This issue affects various Cisco WebEx products, including Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Webex Arf Player
Cisco Webex Business Suite
Cisco Webex Meetings
Cisco Webex Meetings Server
Cisco Webex Network Recording Player