=====================================================================
                            CERT-Renater

                 Information Note No. 2018/VULN287
_____________________________________________________________________

DATE                : 20/09/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running ARF recording players available
                      from Cisco Webex Meetings Suite sites, Cisco
                      Webex Meetings Online sites, Cisco Webex
                      Meetings Server.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex
_____________________________________________________________________

Cisco Security Advisory: Cisco Webex Network Recording Player Remote
Code Execution Vulnerabilities

Advisory ID: cisco-sa-20180919-webex
Revision: 1.0
For Public Release: 2018 September 19 16:00 GMT
Last Updated: 2018 September 19 16:00 GMT
CVE ID(s): CVE-2018-15414, CVE-2018-15421, CVE-2018-15422
CVSS Score v(3): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities in the Cisco Webex Network Recording Player
for Advanced Recording Format (ARF) could allow an unauthenticated,
remote attacker to execute arbitrary code on a targeted system.

The vulnerabilities are due to improper validation of Webex recording
files. An attacker could exploit these vulnerabilities by sending a
user a link or email attachment containing a malicious file and
persuading the user to open the file in the Cisco Webex Player. A
successful exploit could allow the attacker to execute arbitrary code
on an affected system.

Cisco has released software updates that address these
vulnerabilities. There are no workarounds that address these
vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email:cert@support.renater.fr  +
=========================================================