Cisco.WebEx.Arbitrary.Code.Execution.CVE-2019-1928
Description
This indicates the detection of an attack attempt against an Arbitrary Code Execution vulnerability in Cisco Webex products.
The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) files. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
Affected Products
Cisco Webex Business Suite sites - all Webex Network Recording Player and Webex Player releases earlier than Release WBS 39.5.5
Cisco Webex Meetings Online - all Webex Network Recording Player and Webex Player releases earlier than Release 1.3.43
Cisco Webex Meetings Server - all Webex Network Recording Player releases earlier than Release 2.8MR3Patch3, 3.0MR2Patch4, 4.0, or 4.0MR1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-webex-player
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |