PT-2020-1641 · Cisco · Cisco Webex Training Center+3

Published 2020-01-08 · Updated 2021-08-12 · CVE-2020-3116

CVSS v3.1 5.5 Medium

Vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Webex Events, Cisco Webex Meeting Center, Cisco Webex Support Center, Cisco Webex Training Center (affected versions not specified)

Description

The issue is related to insufficient validation of Universal Communications Format (UCF) media files in Cisco Webex applications. This could allow an attacker to cause a denial of service (DoS) condition by sending a user a malicious UCF file, which, when opened with the affected software, would cause the application to quit unexpectedly.

Recommendations

For Cisco Webex Events, consider disabling the handling of UCF files until a patch is available. For Cisco Webex Meeting Center, restrict access to opening UCF files with the application to minimize the risk of exploitation. For Cisco Webex Support Center, avoid using the application to open UCF files from untrusted sources until the issue is resolved. For Cisco Webex Training Center, as a temporary workaround, consider blocking the receipt of UCF files through email attachments or links to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-00870
CVE-2020-3116

Affected Products

Cisco Webex Events
Cisco Webex Meeting Center
Cisco Webex Support Center
Cisco Webex Training Center