Cisco.WebEx.Arbitrary.Code.Execution.CVE-2019-1928

description-logoDescription

This indicates the detection of an attack attempt against an Arbitrary Code Execution vulnerability in Cisco Webex products.
The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) files. A successful exploit could allow the attacker to execute arbitrary code on the affected system.

affected-products-logoAffected Products

Cisco Webex Business Suite sites - all Webex Network Recording Player and Webex Player releases earlier than Release WBS 39.5.5
Cisco Webex Meetings Online - all Webex Network Recording Player and Webex Player releases earlier than Release 1.3.43
Cisco Webex Meetings Server - all Webex Network Recording Player releases earlier than Release 2.8MR3Patch3, 3.0MR2Patch4, 4.0, or 4.0MR1

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-webex-player

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-08-08 14.666 Name:FG-VD-19-063_Cisco.
0day:Cisco.
WebEx.
Arbitrary.
Code.
Execution.
CVE-2019-1928
2019-07-11 14.647 Default_action:pass:drop
2019-06-26 14.639