PT-2020-2902 · Cisco · Cisco Webex Player

Published: 2020-06-03 · Updated: 2021-10-19 · CVE-2020-3322

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Webex Network Recording Player (affected versions not specified)
Cisco Webex Player (affected versions not specified)

Description

The issue exists due to insufficient validation of certain elements within Webex recordings stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this by sending a malicious ARF or WRF file to a user through a link or email attachment, persuading them to open it with the affected software. A successful exploit could cause the Webex player application to crash when trying to view the malicious file, resulting in a Denial of Service (DoS) condition.

Recommendations

For Cisco Webex Network Recording Player, consider disabling the playback of ARF and WRF files until a patch is available. For Cisco Webex Player, restrict the opening of files from untrusted sources to minimize the risk of exploitation. As a temporary workaround, avoid opening suspicious links or email attachments that could contain malicious ARF or WRF files.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-03059
CVE-2020-3322

Affected Products

Cisco Webex Network Recording Player
Cisco Webex Player