Network Security, Security Strategy, Plan, Budget

Cisco patches multiple vulnerabilities in WebEx platforms

Cisco released patches for multiple vulnerabilities in its WebEx Recording Format and Advanced Recoding Format Players to address vulnerabilities.

The flaws could cause an affected player to crash and in some cases allow arbitrary code execution on the system if a remote attacker sent a malicious ARF or WRF file via email or URL and convincing the user to launch the file, according to a Cisco advisory last updated Nov. 30, 2017.

The patch has a “Critical” severity rating and addresses CVE-2017-12367, CVE-2017-12368, CVE-2017-12369, CVE-2017-12370, CVE-2017-12371, and CVE-2017-12372.

“The vulnerabilities disclosed in this advisory affect the Cisco WebEx ARF Player and the Cisco WebEx WRF Player,” the advisory said. “The following client builds of Cisco WebEx Business Suite (WBS30, WBS 31, and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected by at least one of the vulnerabilities described in this advisory”

There are no workarounds to address these vulnerabilities however, it is possible to remove all WebEx software completely from a system using the Meeting Services Removal Tool (for Microsoft Windows users) or Mac WebEx Meeting Application Uninstaller (for Apple Mac OS X users).

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.