What is the severity of cisco-sa-webex-nbr-NOS6FQ24?

The severity of cisco-sa-webex-nbr-NOS6FQ24 is high due to the potential for arbitrary code execution.

How do I fix cisco-sa-webex-nbr-NOS6FQ24?

To fix cisco-sa-webex-nbr-NOS6FQ24, upgrade to the latest version of the Cisco Webex Network Recording Player or Webex Player.

Which products are affected by cisco-sa-webex-nbr-NOS6FQ24?

The affected products include Cisco Webex Meetings Server versions 4.x, 3.x, and Webex Meetings sites up to specific versions.

What type of attack can be executed through cisco-sa-webex-nbr-NOS6FQ24?

cisco-sa-webex-nbr-NOS6FQ24 allows attackers to execute arbitrary code on vulnerable systems.

Is there a workaround for cisco-sa-webex-nbr-NOS6FQ24?

Currently, Cisco recommends upgrading to a patched version as the primary mitigation for cisco-sa-webex-nbr-NOS6FQ24.

Vulnerability/
cisco-sa-webex-nbr-NOS6FQ24

high

7.8

CWE

119

4/11/2020

cisco-sa-webex-nbr-NOS6FQ24: Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities

First published: Wed Nov 04 2020(Updated: )

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-nbr-NOS6FQ24

Credit: Francis Provencher (PRL) Trend Micro Zero Day Initiative for reporting these vulnerabilities

Affected Software	Affected Version	How to fix
Cisco Webex Platform	=Webex Meetings Server 4.x<4.0MR3 SP3=Webex Meetings Server 3.x<3.0MR3 SP4=Webex Meetings sites<40.8.0=Webex Meetings 40.6.x sites<40.6.11	4.0MR3 SP3 3.0MR3 SP4 40.8.0 40.6.11

Never miss a vulnerability like this again

Reference Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-nbr-NOS6FQ24 (Advisory)

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of cisco-sa-webex-nbr-NOS6FQ24?
The severity of cisco-sa-webex-nbr-NOS6FQ24 is high due to the potential for arbitrary code execution.
How do I fix cisco-sa-webex-nbr-NOS6FQ24?
To fix cisco-sa-webex-nbr-NOS6FQ24, upgrade to the latest version of the Cisco Webex Network Recording Player or Webex Player.
Which products are affected by cisco-sa-webex-nbr-NOS6FQ24?
The affected products include Cisco Webex Meetings Server versions 4.x, 3.x, and Webex Meetings sites up to specific versions.
What type of attack can be executed through cisco-sa-webex-nbr-NOS6FQ24?
cisco-sa-webex-nbr-NOS6FQ24 allows attackers to execute arbitrary code on vulnerable systems.
Is there a workaround for cisco-sa-webex-nbr-NOS6FQ24?
Currently, Cisco recommends upgrading to a patched version as the primary mitigation for cisco-sa-webex-nbr-NOS6FQ24.

agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
collector/cisco-advisory
source/Cisco
agent/software-canonical-lookup
agent/title
agent/severity
agent/references
agent/author
agent/weakness
agent/event
agent/description
agent/trending
agent/tags
agent/source
vendor/cisco
canonical/cisco webex platform
version/cisco webex platform/webex meetings server 4.x
version/cisco webex platform/webex meetings server 3.x
version/cisco webex platform/webex meetings sites
version/cisco webex platform/webex meetings 40.6.x sites

Frequently Asked Questions

What is the severity of cisco-sa-webex-nbr-NOS6FQ24?
The severity of cisco-sa-webex-nbr-NOS6FQ24 is high due to the potential for arbitrary code execution.
How do I fix cisco-sa-webex-nbr-NOS6FQ24?
To fix cisco-sa-webex-nbr-NOS6FQ24, upgrade to the latest version of the Cisco Webex Network Recording Player or Webex Player.
Which products are affected by cisco-sa-webex-nbr-NOS6FQ24?
The affected products include Cisco Webex Meetings Server versions 4.x, 3.x, and Webex Meetings sites up to specific versions.
What type of attack can be executed through cisco-sa-webex-nbr-NOS6FQ24?
cisco-sa-webex-nbr-NOS6FQ24 allows attackers to execute arbitrary code on vulnerable systems.
Is there a workaround for cisco-sa-webex-nbr-NOS6FQ24?
Currently, Cisco recommends upgrading to a patched version as the primary mitigation for cisco-sa-webex-nbr-NOS6FQ24.

cisco-sa-webex-nbr-NOS6FQ24: Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

Frequently Asked Questions

What is the severity of cisco-sa-webex-nbr-NOS6FQ24?

How do I fix cisco-sa-webex-nbr-NOS6FQ24?

Which products are affected by cisco-sa-webex-nbr-NOS6FQ24?

What type of attack can be executed through cisco-sa-webex-nbr-NOS6FQ24?

Is there a workaround for cisco-sa-webex-nbr-NOS6FQ24?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of cisco-sa-webex-nbr-NOS6FQ24?

How do I fix cisco-sa-webex-nbr-NOS6FQ24?

Which products are affected by cisco-sa-webex-nbr-NOS6FQ24?

What type of attack can be executed through cisco-sa-webex-nbr-NOS6FQ24?

Is there a workaround for cisco-sa-webex-nbr-NOS6FQ24?