CVE-2018-15416: Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities
First published: Fri Oct 05 2018(Updated: )
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Webex Meetings Online | <1.3.37 | |
| Cisco WebEx Meetings Server | =2.5-maintenance_release2_patch1 | |
| Cisco WebEx Meetings Server | =2.5-maintenance_release5_patch1 | |
| Cisco WebEx Meetings Server | =2.5-maintenance_release6_patch2 | |
| Cisco WebEx Meetings Server | =2.5-maintenance_release6_patch3 | |
| Cisco WebEx Meetings Server | =2.5-maintenance_release6_patch4 | |
| Cisco WebEx Meetings Server | =2.5.1.29 | |
| Cisco WebEx Meetings Server | =2.6 | |
| Cisco WebEx Meetings Server | =2.6-maintenance_release1_patch1 | |
| Cisco WebEx Meetings Server | =2.6-maintenance_release2_patch1 | |
| Cisco WebEx Meetings Server | =2.6-maintenance_release3_patch1 | |
| Cisco WebEx Meetings Server | =2.6-maintenance_release3_patch2 | |
| Cisco WebEx Meetings Server | =2.7 | |
| Cisco WebEx Meetings Server | =2.7-base | |
| Cisco WebEx Meetings Server | =2.7-maintenance_release1_patch1 | |
| Cisco WebEx Meetings Server | =2.7-maintenance_release2_patch1 | |
| Cisco WebEx Meetings Server | =2.7.1 | |
| Cisco WebEx Meetings Server | =2.8 | |
| Cisco WebEx Meetings Server | =2.8-base | |
| Cisco Webex Business Suite 32 | <32.15.10 | |
| Cisco Webex Business Suite 33 | <33.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-15416?
CVE-2018-15416 is a vulnerability in the Cisco Webex Network Recording Player and Cisco Webex Player for Windows that allows an attacker to execute arbitrary code on an affected system.
How severe is CVE-2018-15416?
CVE-2018-15416 has a severity score of 7.8, which is considered critical.
What software versions are affected by CVE-2018-15416?
Cisco Webex Meetings Online 1.3.37, Cisco WebEx Meetings Server 2.5-maintenance_release2_patch1, 2.5-maintenance_release5_patch1, 2.5-maintenance_release6_patch2, 2.5-maintenance_release6_patch3, 2.5-maintenance_release6_patch4, 2.5.1.29, 2.6, 2.6-maintenance_release1_patch1, 2.6-maintenance_release2_patch1, 2.6-maintenance_release3_patch1, 2.6-maintenance_release3_patch2, 2.7, 2.7-base, 2.7-maintenance_release1_patch1, 2.7-maintenance_release2_patch1, 2.7.1, 2.8, 2.8-base, Cisco Webex Business Suite 32 up to 32.15.10, and Cisco Webex Business Suite 33 up to 33.3 are affected by CVE-2018-15416.
How do I fix CVE-2018-15416?
To fix CVE-2018-15416, users should update to the latest version of Cisco Webex Network Recording Player and Cisco Webex Player for Windows. Cisco has released a security advisory with further information and patches.
Where can I find more information about CVE-2018-15416?
More information about CVE-2018-15416 can be found on the Cisco Security Advisory page, as well as on security-focused websites such as SecurityFocus and SecurityTracker.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/title
- agent/references
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/cisco
- canonical/cisco webex meetings online
- canonical/cisco webex meetings server
- version/cisco webex meetings server/2.5-maintenance_release2_patch1
- version/cisco webex meetings server/2.5-maintenance_release5_patch1
- version/cisco webex meetings server/2.5-maintenance_release6_patch2
- version/cisco webex meetings server/2.5-maintenance_release6_patch3
- version/cisco webex meetings server/2.5-maintenance_release6_patch4
- version/cisco webex meetings server/2.5.1.29
- version/cisco webex meetings server/2.6
- version/cisco webex meetings server/2.6-maintenance_release1_patch1
- version/cisco webex meetings server/2.6-maintenance_release2_patch1
- version/cisco webex meetings server/2.6-maintenance_release3_patch1
- version/cisco webex meetings server/2.6-maintenance_release3_patch2
- version/cisco webex meetings server/2.7
- version/cisco webex meetings server/2.7-base
- version/cisco webex meetings server/2.7-maintenance_release1_patch1
- version/cisco webex meetings server/2.7-maintenance_release2_patch1
- version/cisco webex meetings server/2.7.1
- version/cisco webex meetings server/2.8
- version/cisco webex meetings server/2.8-base
- canonical/cisco webex business suite 32
- canonical/cisco webex business suite 33