Remote code execution in Cisco Webex Network Recording Player and Webex Player
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2019-1637 CVE-2019-1638 CVE-2019-1639 CVE-2019-1640 CVE-2019-1641 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Webex Player Client/Desktop applications / Multimedia software Cisco WebEx Network Recording Player Client/Desktop applications / Multimedia software |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU17206
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-1637
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper validation of Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. A remote unauthenticated attacker can trick the victim into opening a malicious ARF or WRF file with the affected software and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWebex Player: All versions
Cisco WebEx Network Recording Player: All versions
CPE2.3- cpe:2.3:a:cisco_systems:webex_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_webex_network_recording_player:*:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU17207
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-1638
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper validation of Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. A remote unauthenticated attacker can trick the victim into opening a malicious ARF or WRF file with the affected software and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWebex Player: All versions
Cisco WebEx Network Recording Player: All versions
CPE2.3- cpe:2.3:a:cisco_systems:webex_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_webex_network_recording_player:*:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU17208
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-1639
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper validation of Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. A remote unauthenticated attacker can trick the victim into opening a malicious ARF or WRF file with the affected software and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWebex Player: All versions
Cisco WebEx Network Recording Player: All versions
CPE2.3- cpe:2.3:a:cisco_systems:webex_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_webex_network_recording_player:*:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU17209
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-1640
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper validation of Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. A remote unauthenticated attacker can trick the victim into opening a malicious ARF or WRF file with the affected software and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWebex Player: All versions
Cisco WebEx Network Recording Player: All versions
CPE2.3- cpe:2.3:a:cisco_systems:webex_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_webex_network_recording_player:*:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU17210
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-1641
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper validation of Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. A remote unauthenticated attacker can trick the victim into opening a malicious ARF or WRF file with the affected software and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWebex Player: All versions
Cisco WebEx Network Recording Player: All versions
CPE2.3- cpe:2.3:a:cisco_systems:webex_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_webex_network_recording_player:*:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
