Switching and networking vendor Cisco is warning about serious security vulnerabilities in the Cisco WebEx Players used by businesses to record and play back meetings.
In all, the company warned about five separate buffer overflow security flaws that exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players.
A hacker who successfully exploited these vulnerabilities could, in some instances, launch harmful code directly against a targeted user. A successful compromise could also cause the WebEx player to crash, Cisco warned in an advisory that carries a CVSS Base Score of 7.8.
The Cisco WebEx Players are applications used to play back WebEx meeting recordings made on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx server.
The company has shipped patches for users of the Cisco WebEx Business Suite meeting sites, Cisco WebEx 11 meeting sites, Cisco WebEx Meetings Server, and Cisco WebEx WRF and ARF Players to address these vulnerabilities.
According to Cisco, updates are available for the following:
- Cisco WebEx Business Suite (WBS29) client builds T29.2 or later
- Cisco WebEx Business Suite (WBS28) client builds T28.12 or later
- Cisco WebEx Business Suite (WBS27) client builds T27TLSP32EP16 (27.32.16) or later
- Cisco WebEx 11 versions prior to 1.2.10 with client builds T28.12 or later
- Cisco WebEx Meetings Server client builds 2.0.0.1677 or later
- Cisco WebEx Meetings Server client builds Orion 2.0 or later

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
