High-Severity Cisco Webex Flaws Fixed

image
Cisco Systems has patched two high-severity vulnerabilities in its popular Webex video conferencing platform, which if exploited could allow an attacker to execute code on affected systems. Two multimedia players tied to the Webex platform are impacted. First is the Cisco Webex Network Recording Player, used to play back Advanced Recording Format (ARF) files on the Windows operating system. ARF files contain data from a recorded online meeting, such as video data and a list of attendees. Cisco Webex Player is also affected, which used to play back Webex Recording Format (WRF) files on the Windows OS. WRF files contain audio and video recordings, typically used for demonstrations, training and conferencing. The vulnerabilities (CVE-2020-3127 and CVE-2020-3128) are both 7.8 out of 10.0 on the CVSS scale, making them high-severity. They stem from an insufficient validation of non-detailed, “certain elements” within a Webex recording that is stored in either ARF or WRF, said Cisco. While Cisco did not detail the technicalities of the vulnerabilities, it said that “an attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system,” according to Cisco in a Wednesday advisory. “A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.” Different versions of Webex Network…

Source