Cisco fixes Remote Code Execution flaws in Webex Network Recording Player
21.9.2018 securityaffairs
Vulnerebility

Cisco released security patches to fix RCE flaws in the Webex Network Recording Player for Advanced Recording Format (ARF).
Cisco released security patches to address vulnerabilities in the Webex Network Recording Player for Advanced Recording Format (ARF) (CVE-2018-15414, CVE-2018-15421, and CVE-2018-15422) that could be exploited by an unauthenticated, remote attacker to execute arbitrary code on a vulnerable system

The Webex Meetings Server is a collaboration and communications solution that can be deployed on a private cloud and which manages the Webex Meetings Suite services and Webex Meetings Online hosted multimedia conferencing solutions.

The Meetings services allow customers to record meetings and store them online or in an ARF format or on a local computer, in WRF format.

The relative player Network Recording Player can be installed either automatically when a user accesses a recording file hosted on a Webex Meetings Suite site or manually by downloading it from the Webex site.

The lack of proper validation for the Webex recording files is the root cause of the vulnerabilities that could allow unauthenticated, remote attacker to execute arbitrary code on the target machine.

“Multiple vulnerabilities in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.” reads the security advisory published by Cisco.

“The vulnerabilities are due to improper validation of Webex recording files. An attacker could exploit these vulnerabilities by sending a user a link or email attachment containing a malicious file and persuading the user to open the file in the Cisco Webex Player. A successful exploit could allow the attacker to execute arbitrary code on an affected system.”


An attacker could exploit the flaw by tricking victims into opening a malicious file in the Cisco Webex Player, the file could be sent via email as an attachment or through a link in the content referencing it.

The vulnerabilities affect the following ARF recording players:

Cisco Webex Meetings Suite (WBS32) – Webex Network Recording Player versions prior to WBS32.15.10
Cisco Webex Meetings Suite (WBS33) – Webex Network Recording Player versions prior to WBS33.3
Cisco Webex Meetings Online – Webex Network Recording Player versions prior to 1.3.37
Cisco Webex Meetings Server – Webex Network Recording Player versions prior to 3.0MR2
Each version of the Webex Network Recording Players for Windows, OS X, and Linux is affected by at least one of the issues.

The following Network Recording Player updates address the vulnerabilities:

Meetings Suite (WBS32) – Player versions WBS32.15.10 and later and Meetings Suite (WBS33) – Player versions WBS33.3 and later;
Meetings Online – Player versions 1.3.37 and later; and Meetings Server – Player versions 3.0MR2 and later.
Cisco warns that there are no known workarounds for these issues.

“The Cisco Webex Network Recording Player (for .arf files) will be automatically upgraded to the latest, non-vulnerable version when users access a recording file that is hosted on a Cisco Webex Meetings site that contains the versions previously specified,” concludes the Cisco advisory.