Triggered via malicious files, flaws in Cisco WebEx players can lead to RCE
Cisco has plugged six security holes in Cisco WebEx Network
Recording Player for Advanced Recording Format (ARF) and WebEx Recording
Format (WRF) files that could be exploited by remote attackers to
execute malicious code on a target system.
“The ARF and WRF file formats are used to store WebEx meeting
recordings that have been recorded on a WebEx meeting site, or on the
computer of an online meeting attendee,” the company explained.
“The Cisco WebEx players are applications that are used to play back
WebEx meeting recordings that have been recorded by an online meeting
attendee. The player can be automatically installed when the user
accesses a recording file that is hosted on a WebEx server.”
Vulnerability exploitation
Exploitation of the vulnerabilities can be triggered via malicious
ARF or WRF files. Attackers can send such a file as an attachment, or
provide a link to it in an email. In both cases, they have to convince
users to download and open the malicious file.
The company made sure to note that the vulnerabilities can’t be triggered by users who are attending a WebEx meeting.
Users of Cisco WebEx Business Suite, Cisco WebEx Meetings, and Cisco
WebEx Meeting Server should check whether their installations are
vulnerable and implement the provided security updates (if they haven’t
by now made sure to receive automatic software updates). Instructions on
how to do so are provided in the security advisory.
The good news is that vulnerabilities were discovered and reported by
security researchers, and there is currently no indication that they
are being exploited in the wild.
But, with their existence having now been made public, attackers
could quickly move to create exploits and target businesses, so updating
the software to the latest release as soon as possible is advisable.
There are no workarounds for these issues, Cisco added. The only
thing left to do if you can’t upgrade is to remove all WebEx software
completely from a system.
i read the above notes and clarify my doubts very well.in this information i observe lot of things about how to study.........thanks a lot
ReplyDeletetop 10 ccna training institute in chennai
ccna training institute in coimbatore
ccna Training Institute in Bangalore
ccna training in madurai
This comment has been removed by the author.
ReplyDelete