![]() While Cisco's PSIRT has not observed any malicious activity using these flaws, they were found by security researcher Francis Provencher (PRL) who reported the issue to Cisco via Trend Micro's Zero Day Initiative.Ĭisco notes there are no workarounds for this bug and has listed in its advisory the releases of Webex Meetings sites and Webex Meetings Server that need to be updated. The Cisco Webex Player is available from Cisco Webex Meetings sites but not from the Cisco Webex Meetings Server. The Webex Network Recording Player is available from Cisco Webex Meetings sites and Cisco Webex Meetings Server. But businesses still aren't patching them The playback applications are available from Cisco Webex Meetings and Cisco Webex Meetings Server. Webex Network Recording Player is used to play back ARF files, while Webex Player is used to play back WRF files. They have a severity rating of 7.8.Īttackers can exploit the flaws by sending the target a malicious ARF or WRF file through a link or email attachment, and then tricking the target into opening the file with the two Webex players. ![]() There are three bugs that stem from the playback apps not doing enough to validate elements of Webex recordings stored in the Advanced Recording Format (ARF) – a video format for Webex – or the Webex Recording Format (WRF). On WebEx service site, on the left navigation bar, click Support >Downloads. On the Downloads page, under Recorder and Players, click the Recording and Playback link. However, the plug-in does not need to be updated.įortunately, Cisco's Product Security Incident Response Team (PSIRT) has not observed any attacks in the wild and Cisco found the bug during internal testing.Ĭisco is also urging customers to update Webex Meetings sites and Webex Meetings Server due to vulnerabilities affecting the Webex Network Recording Player for Windows and Webex Player for Windows. From the Recording and Playback page, click the Download link for the WebEx.Is there a way to increase playback speed for the Webex. The issue was due to the desktop app improperly validating messages.Ĭisco also notes that customers must update the affected app in the HVD in the virtual desktop environment. The bug has been fixed in the Webex Meetings Desktop App for Windows releases 40.6.9 and later and 40.8.9 and later. Nonetheless, Cisco has given the bug, tracked as CVE-2020-3588, a severity rating of 7.3 out of a possible 10. One mitigating factor is that the vulnerability can only be exploited by a local attacker with limited privileges who had sent a malicious message to the affected software by using the virtualization channel interface. In that case, please do the following."A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user," Cisco explains in an advisory. But if you install the record player in the past, it may be affected. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user.Ĭurrent version of WebEx is not affected by this vulnerability. A remote attacker could exploit these vulnerabilities by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. ![]() Multiple vulnerabilities exist in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. Cisco WebEx Network Recording Player is the official ARF and WRF playing software which allows you to watch, share and edit your WebEx recordings. ![]() ARF) when you download your saved WebEx Advanced Recording data. 【WebEx】Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players If you just download an ARF recording from your WebEx site, you will be asked to download and install the WebEx Network Recording Player for the ARF file playback. The files can be played in Cisco WebEx Player, which is freely available on WebExs.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |