Rewterz Threat Alert – More Covid-19 Malicious URLs
April 17, 2020Rewterz Threat Advisory – Cisco IP Phones Web Application Buffer Overflow
April 17, 2020Rewterz Threat Alert – More Covid-19 Malicious URLs
April 17, 2020Rewterz Threat Advisory – Cisco IP Phones Web Application Buffer Overflow
April 17, 2020Severity
High
Analysis Summary
CVE-2020-3194
The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
Impact
Arbitrary Code Execution
Affected Vendors
Cisco
Affected Products
- Cisco Webex Network Recording Player
- Cisco Webex Player
Remediation
Please refer to vendor’s advisory for the list of affected products and patches.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby