Cisco Systems has patched two high-severity vulnerabilities in its popular Webex video conferencing platform, which if exploited could allow an attacker to execute code on affected systems.
Two multimedia players tied to the Webex platform are impacted. First is the Cisco Webex Network Recording Player, used to play back Advanced Recording Format (ARF) files on the Windows operating system. ARF files contain data from a recorded online meeting, such as video data and a list of attendees. Cisco Webex Player is also affected, which used to play back Webex Recording Format (WRF) files on the Windows OS. WRF files contain audio and video recordings, typically used for demonstrations, training and conferencing.
The vulnerabilities (CVE-2020-3127 and CVE-2020-3128) are both 7.8 out of 10.0 on the CVSS scale, making them high-severity. They stem from an insufficient validation of non-detailed, “certain elements” within a Webex recording that is stored in either ARF or WRF, said Cisco.
For more information, please visit: