The version of Cisco Webex Network Recording Player and Cisco Webex Player installed on the remote host is affected by multiple remote code execution vulnerabilities due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An unauthenticated remote attacker could exploit this, by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system to execute arbitrary code with the same privileges of the targeted user.
{"id": "CISCO-SA-20200304-WEBEX-PLAYER.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Cisco Webex Network Recording Player and Cisco Webex Player Multiple Vulnerabilities (cisco-sa-20200304-webex-player", "description": "The version of Cisco Webex Network Recording Player and Cisco Webex Player installed on the remote host is affected by multiple remote code execution vulnerabilities due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An unauthenticated remote attacker could exploit this, by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system to execute arbitrary code with the same privileges of the targeted user.", "published": "2020-03-13T00:00:00", "modified": "2020-03-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/134443", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr89471", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3128", "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr84091", "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr82763", "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr84096", "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr89202", "http://www.nessus.org/u?95d418ef", "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr89467"], "cvelist": ["CVE-2020-3127", "CVE-2020-3128"], "immutableFields": [], "lastseen": "2021-10-16T00:15:55", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cisco", "idList": ["CISCO-SA-20200304-WEBEX-PLAYER"]}, {"type": "cve", "idList": ["CVE-2020-3127", "CVE-2020-3128"]}, {"type": "threatpost", "idList": ["THREATPOST:31D0A4729A77138DBFEAA7F42CA065A2", "THREATPOST:FC2AB9DBD639AEF3E55048C4BBCFC321"]}, {"type": "zdi", "idList": ["ZDI-20-269"]}], "rev": 4}, "score": {"value": 9.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cisco", "idList": ["CISCO-SA-20200304-WEBEX-PLAYER"]}, {"type": "cve", "idList": ["CVE-2020-3127", "CVE-2020-3128"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813197"]}, {"type": "threatpost", "idList": ["THREATPOST:31D0A4729A77138DBFEAA7F42CA065A2", "THREATPOST:FC2AB9DBD639AEF3E55048C4BBCFC321"]}, {"type": "zdi", "idList": ["ZDI-20-269"]}]}, "exploitation": null, "vulnersScore": 9.0}, "pluginID": "134443", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134443);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/16\");\n\n script_cve_id(\"CVE-2020-3127\", \"CVE-2020-3128\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvr82763\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvr84091\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvr84096\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvr89202\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvr89467\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvr89471\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20200304-webex-player\");\n script_xref(name:\"IAVA\", value:\"2020-A-0101\");\n\n script_name(english:\"Cisco Webex Network Recording Player and Cisco Webex Player Multiple Vulnerabilities (cisco-sa-20200304-webex-player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The video player installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cisco Webex Network Recording Player and Cisco Webex Player installed on the remote host is affected by\nmultiple remote code execution vulnerabilities due to insufficient validation of certain elements within a Webex\nrecording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An\nunauthenticated remote attacker could exploit this, by sending a malicious ARF or WRF file to a user through a link or\nemail attachment and persuading the user to open the file on the local system to execute arbitrary code with the same\nprivileges of the targeted user.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?95d418ef\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr82763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr84091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr84096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr89202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr89467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr89471\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version of Webex Network Recording Player or Webex Player referenced in the Cisco\nadvisory\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3128\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:webex_advanced_recording_format_player\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"webex_player_installed.nasl\");\n script_require_keys(\"installed_sw/WebEx ARF/WRF Player\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'WebEx ARF/WRF Player';\nget_kb_item_or_exit('installed_sw/' + app);\n\napp_info = vcf::get_app_info(app:app);\n\nconstraints = [\n { 'fixed_version' : '39.5.12' },\n { 'min_version' : '39.6', 'fixed_version' : '39.11.0' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:cisco:webex_advanced_recording_format_player"], "solution": "Upgrade to the relevant fixed version of Webex Network Recording Player or Webex Player referenced in the Cisco advisory", "nessusSeverity": "High", "cvssScoreSource": "CVE-2020-3128", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-03-04T00:00:00", "vulnerabilityPublicationDate": "2020-03-04T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}
{"cisco": [{"lastseen": "2022-03-12T05:34:24", "description": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.\n\nThe vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.\n\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player\"]", "cvss3": {}, "published": "2020-03-04T16:00:00", "type": "cisco", "title": "Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-3127", "CVE-2020-3128"], "modified": "2020-03-04T16:00:00", "id": "CISCO-SA-20200304-WEBEX-PLAYER", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player", "cvss": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "threatpost": [{"lastseen": "2020-03-10T12:44:51", "description": "Cisco Systems has patched two high-severity vulnerabilities in its popular Webex video conferencing platform, which if exploited could allow an attacker to execute code on affected systems.\n\nTwo multimedia players tied to the Webex platform are impacted. First is the Cisco Webex Network Recording Player, used to play back Advanced Recording Format (ARF) files on the Windows operating system. ARF files contain data from a recorded online meeting, such as video data and a list of attendees. Cisco Webex Player is also affected, which used to play back Webex Recording Format (WRF) files on the Windows OS. WRF files contain audio and video recordings, typically used for demonstrations, training and conferencing.\n\nThe vulnerabilities ([CVE-2020-3127](<https://nvd.nist.gov/vuln/detail/CVE-2020-3127>) and [CVE-2020-3128](<https://nvd.nist.gov/vuln/detail/CVE-2020-3128>)) are both 7.8 out of 10.0 on the CVSS scale, making them high-severity. They stem from an insufficient validation of non-detailed, \u201ccertain elements\u201d within a Webex recording that is stored in either ARF or WRF, said Cisco.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nWhile Cisco did not detail the technicalities of the vulnerabilities, it said that \u201can attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system,\u201d according to Cisco in a [Wednesday advisory](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player>). \u201cA successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.\u201d\n\nBrian Gorenc, director of vulnerability research and head of Trend Micro\u2019s ZDI program, told Threatpost that the flaw allows remote attackers to execute arbitrary code \u2013 but it does require user interaction.\n\n\u201cUser interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file,\u201d he told Threatpost via email. \u201cSpecifically, this bug exists is in atpdmod.dll module and the vulnerable code is reachable using a crafted ARF File. This program fails to initialize a pointer and later writes data to this pointer. In the worst case, this could lead to remote code execution in the context of the current process.\u201d\n\nDifferent versions of Webex Network Recording Player and Webex Player are affected by the flaws, based on the platforms they are being managed on. The players are available from Cisco Webex Meetings and Cisco Webex Meetings Online (which is when conferencing systems are managed by Cisco Webex), and Cisco Webex Meetings Server (where customers host and manage conferencing solutions in their own private clouds).\n\nFor Cisco Webex Meetings, affected versions for both products include releases earlier than WBS 39.5.17 or WBS 39.11.0. For Webex Meetings Online, affected versions for both products include releases earlier than 1.3.49. And, for Cisco Webex Meetings Server, versions of Webex Network Recording Player earlier 3.0MR3SecurityPatch1 and 4.0MR2SecurityPatch2 are affected.\n\nTo determine which release of Cisco Webex Network Recording Player or Cisco Webex Player is installed on a system, users can open the player and choose Help > About. The fixed releases can be found below.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2020/03/05093159/Screen-Shot-2020-03-05-at-9.05.50-AM.png>)\n\nCisco said it\u2019s not aware of the flaws being exploited by attackers at this time. Francis Provencher (PRL) working with Trend Micro Zero Day Initiative, and Kexu Wang of Fortinet\u2019s FortiGuard Labs were credited with discovering the flaws (Threatpost has reached out to both researchers for further details of the vulnerability and will update this post accordingly).\n\nWebex has been haunted by other vulnerabilities since the start of the year. In January, [Cisco fixed a high-severity vulnerability](<https://threatpost.com/cisco-webex-flaw-lets-unauthenticated-users-join-private-online-meetings/152191/>) in Webex that could have let strangers barge in on password-protected meetings sans authentication. A [separate high-severity flaw](<https://threatpost.com/cisco-webex-bug-allows-remote-code-execution/151724/>) also disclosed by Cisco in January could enable a remote attacker to execute commands in Webex.\n\nBeyond Webex, Cisco on Wednesday [released patches addressing](<https://tools.cisco.com/security/center/publicationListing.x>) flaws tied to a total of 13 CVEs. Other high-severity flaws include a vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution, which is a tool allowing users to see and control content in a meeting room from their own devices. The certificate validation vulnerability ([CVE-2020-3155](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB>)) could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints.\n\nAnd, a high-severity cross-site request forgery (CSRF) flaw exists in Cisco Prime Network Registrar, software that is comprised of components for various services, including Domain Name System (DNS) services and Dynamic Host Configuration Protocol services. The flaw (CVE-2020-3148) in the online interface of the registrar could allow an unauthenticated, remote attacker to conduct a CSRF attack on an affected systems.\n\n**_Interested in security for the Internet of Things and how 5G will change the threat landscape? Join our free Threatpost webinar, [\u201c5G, the Olympics and Next-Gen Security Challenges,\u201d](<https://attendee.gotowebinar.com/register/3191336203359293954?source=art>) as our panel discusses what use cases to expect in 2020 (the Olympics will be a first test), why 5G security risks are different, the role of AI in defense and how enterprises can manage their risk. [Register here](<https://attendee.gotowebinar.com/register/3191336203359293954?source=art>)._**\n", "cvss3": {}, "published": "2020-03-05T15:11:11", "type": "threatpost", "title": "High-Severity Cisco Webex Flaws Fixed", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-3127", "CVE-2020-3128", "CVE-2020-3148", "CVE-2020-3155"], "modified": "2020-03-05T15:11:11", "id": "THREATPOST:31D0A4729A77138DBFEAA7F42CA065A2", "href": "https://threatpost.com/high-severity-cisco-webex-flaws-fixed/153462/?utm_source=rss&utm_medium=rss&utm_campaign=high-severity-cisco-webex-flaws-fixed", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-15T22:23:16", "description": "Cisco Systems has patched two high-severity vulnerabilities in its popular Webex video conferencing platform, which if exploited could allow an attacker to execute code on affected systems.\n\nTwo multimedia players tied to the Webex platform are impacted. First is the Cisco Webex Network Recording Player, used to play back Advanced Recording Format (ARF) files on the Windows operating system. ARF files contain data from a recorded online meeting, such as video data and a list of attendees. Cisco Webex Player is also affected, which used to play back Webex Recording Format (WRF) files on the Windows OS. WRF files contain audio and video recordings, typically used for demonstrations, training and conferencing.\n\nThe vulnerabilities ([CVE-2020-3127](<https://nvd.nist.gov/vuln/detail/CVE-2020-3127>) and [CVE-2020-3128](<https://nvd.nist.gov/vuln/detail/CVE-2020-3128>)) are both 7.8 out of 10.0 on the CVSS scale, making them high-severity. They stem from an insufficient validation of non-detailed, \u201ccertain elements\u201d within a Webex recording that is stored in either ARF or WRF, said Cisco.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nWhile Cisco did not detail the technicalities of the vulnerabilities, it said that \u201can attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system,\u201d according to Cisco in a [Wednesday advisory](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player>). \u201cA successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.\u201d\n\nBrian Gorenc, director of vulnerability research and head of Trend Micro\u2019s ZDI program, told Threatpost that the flaw allows remote attackers to execute arbitrary code \u2013 but it does require user interaction.\n\n\u201cUser interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file,\u201d he told Threatpost via email. \u201cSpecifically, this bug exists is in atpdmod.dll module and the vulnerable code is reachable using a crafted ARF File. This program fails to initialize a pointer and later writes data to this pointer. In the worst case, this could lead to remote code execution in the context of the current process.\u201d\n\nDifferent versions of Webex Network Recording Player and Webex Player are affected by the flaws, based on the platforms they are being managed on. The players are available from Cisco Webex Meetings and Cisco Webex Meetings Online (which is when conferencing systems are managed by Cisco Webex), and Cisco Webex Meetings Server (where customers host and manage conferencing solutions in their own private clouds).\n\nFor Cisco Webex Meetings, affected versions for both products include releases earlier than WBS 39.5.17 or WBS 39.11.0. For Webex Meetings Online, affected versions for both products include releases earlier than 1.3.49. And, for Cisco Webex Meetings Server, versions of Webex Network Recording Player earlier 3.0MR3SecurityPatch1 and 4.0MR2SecurityPatch2 are affected.\n\nTo determine which release of Cisco Webex Network Recording Player or Cisco Webex Player is installed on a system, users can open the player and choose Help > About. The fixed releases can be found below.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2020/03/05093159/Screen-Shot-2020-03-05-at-9.05.50-AM.png>)\n\nCisco said it\u2019s not aware of the flaws being exploited by attackers at this time. Francis Provencher (PRL) working with Trend Micro Zero Day Initiative, and Kexu Wang of Fortinet\u2019s FortiGuard Labs were credited with discovering the flaws (Threatpost has reached out to both researchers for further details of the vulnerability and will update this post accordingly).\n\nWebex has been haunted by other vulnerabilities since the start of the year. In January, [Cisco fixed a high-severity vulnerability](<https://threatpost.com/cisco-webex-flaw-lets-unauthenticated-users-join-private-online-meetings/152191/>) in Webex that could have let strangers barge in on password-protected meetings sans authentication. A [separate high-severity flaw](<https://threatpost.com/cisco-webex-bug-allows-remote-code-execution/151724/>) also disclosed by Cisco in January could enable a remote attacker to execute commands in Webex.\n\nBeyond Webex, Cisco on Wednesday [released patches addressing](<https://tools.cisco.com/security/center/publicationListing.x>) flaws tied to a total of 13 CVEs. Other high-severity flaws include a vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution, which is a tool allowing users to see and control content in a meeting room from their own devices. The certificate validation vulnerability ([CVE-2020-3155](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB>)) could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints.\n\nAnd, a high-severity cross-site request forgery (CSRF) flaw exists in Cisco Prime Network Registrar, software that is comprised of components for various services, including Domain Name System (DNS) services and Dynamic Host Configuration Protocol services. The flaw (CVE-2020-3148) in the online interface of the registrar could allow an unauthenticated, remote attacker to conduct a CSRF attack on an affected systems.\n\n**_Interested in security for the Internet of Things and how 5G will change the threat landscape? Join our free Threatpost webinar, [\u201c5G, the Olympics and Next-Gen Security Challenges,\u201d](<https://attendee.gotowebinar.com/register/3191336203359293954?source=art>) as our panel discusses what use cases to expect in 2020 (the Olympics will be a first test), why 5G security risks are different, the role of AI in defense and how enterprises can manage their risk. [Register here](<https://attendee.gotowebinar.com/register/3191336203359293954?source=art>)._**\n", "cvss3": {}, "published": "2020-03-05T15:11:11", "type": "threatpost", "title": "High-Severity Cisco Webex Flaws Fixed", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-24400", "CVE-2020-24407", "CVE-2020-3127", "CVE-2020-3128", "CVE-2020-3148", "CVE-2020-3155"], "modified": "2020-03-05T15:11:11", "id": "THREATPOST:FC2AB9DBD639AEF3E55048C4BBCFC321", "href": "https://threatpost.com/high-severity-cisco-webex-flaws-fixed/153462/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2022-01-31T22:09:12", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ARF files. Crafted data in an ARF file can trigger access to memory prior to initialization. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-05T00:00:00", "type": "zdi", "title": "Cisco WebEx Network Recording Player ARF File Uninitialized Pointer Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3127"], "modified": "2020-03-05T00:00:00", "id": "ZDI-20-269", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-269/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T17:33:53", "description": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-04T19:15:00", "type": "cve", "title": "CVE-2020-3127", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3127"], "modified": "2020-03-05T23:15:00", "cpe": ["cpe:/a:cisco:webex_meetings_server:4.0", "cpe:/a:cisco:webex_meetings_server:3.0"], "id": "CVE-2020-3127", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3127", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*", "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*", "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*", "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*", "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*", "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*", "cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T17:33:51", "description": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-04T19:15:00", "type": "cve", "title": "CVE-2020-3128", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3128"], "modified": "2020-03-05T20:38:00", "cpe": ["cpe:/a:cisco:webex_meetings_server:4.0", "cpe:/a:cisco:webex_meetings_server:3.0"], "id": "CVE-2020-3128", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3128", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*", "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*", "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*", "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*", "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*", "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*", "cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*"]}]}
Cisco Webex Network Recording Player and Cisco Webex Player Multiple Vulnerabilities (cisco-sa-20200304-webex-player
