PT-2020-2905 · Cisco · Cisco Webex Player+1

Published: 2020-06-03 · Updated: 2021-09-22 · CVE-2020-3319

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Cisco Webex Network Recording Player and Cisco Webex Player versions prior to Release 3.0 MR3 Security Patch 2 and 4.0 MR3.

Description

A vulnerability exists due to insufficient validation of certain elements within Webex recordings stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a malicious ARF or WRF file to a user through a link or email attachment, persuading the user to open the file with the affected software. A successful exploit could cause the Webex player application to crash, resulting in a Denial of Service (DoS) condition.

Recommendations

For versions prior to Release 3.0 MR3 Security Patch 2, update to Release 3.0 MR3 Security Patch 2 or later. For versions prior to 4.0 MR3, update to 4.0 MR3 or later. As a temporary workaround, consider avoiding the use of ARF or WRF files from untrusted sources until a patch is applied.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-03062
CVE-2020-3319

Affected Products

Cisco Webex Network Recording Player
Cisco Webex Player