• Home
  • High-severity Cisco Webex flaws fixed!

High-severity Cisco Webex flaws fixed!

7 Mar 2020 10:36 PM | Anonymous member (Administrator)

Cisco Systems has patched two high-severity vulnerabilities in its popular Webex video conferencing platform, which if exploited could allow an attacker to execute code on affected systems.

Two multimedia players tied to the Webex platform are impacted. First is the Cisco Webex Network Recording Player, used to play back Advanced Recording Format (ARF) files on the Windows operating system. ARF files contain data from a recorded online meeting, such as video data and a list of attendees. Cisco Webex Player is also affected, which used to play back Webex Recording Format (WRF) files on the Windows OS. WRF files contain audio and video recordings, typically used for demonstrations, training and conferencing.

The vulnerabilities (CVE-2020-3127 and CVE-2020-3128) are both 7.8 out of 10.0 on the CVSS scale, making them high-severity. They stem from an insufficient validation of non-detailed, “certain elements” within a Webex recording that is stored in either ARF or WRF, said Cisco.

For more information, please visit:


© Copyright 2019. (ISC)² Singapore Chapter. All Rights Reserved.

Powered by Wild Apricot Membership Software