Cisco has released updates for several components of its WebEx online video conferencing and meeting platform to fix multiple vulnerabilities, including severe flaws that can be exploited for remote code execution.
A total of six vulnerabilities affecting the WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files have been classified as severe. The affected player is used to play back recorded WebEx meetings, conferences, and seminars. It can be installed automatically when a recording file hosted on a WebEx server is opened.
The security holes affecting the Network Recording Player can be exploited by a remote attacker to cause a denial-of-service (DoS) condition in the software and possibly execute arbitrary code by getting the targeted user to open specially crafted ARF or WRF files. Cisco noted that the attacker can send the malicious files to victims via email or get them to open a web page hosting the files.
Cisco has fixed the vulnerabilities in WebEx Business Suite meeting and conference sites, WebEx Meetings sites, WebEx Meetings Server, and WebEx ARF and WRF Players. Cisco’s advisory provides complete information on affected versions and the availability of patches. The following CVE identifiers have been assigned: CVE-2017-12367, CVE-2017-12368, CVE-2017-12369, CVE-2017-12370, CVE-2017-12371 and CVE-2017-12372.
The flaws were reported to Cisco by Andrea Micalizzi (rgod) and Steven Seeley of Offensive Security, via Trend Micro’s Zero Day Initiative (ZDI); by Fortinet’s Kushal Arvind Shah; and by Qihoo 360 researcher Yihan Lian. ZDI has yet to make public the advisories for the flaws found by Seeley and Micalizzi.
Cisco has seen no evidence that the vulnerabilities have been exploited in malicious attacks.
In addition, Lian discovered a medium-severity DoS vulnerability in the WebEx Network Recording Player. A remote attacker can cause the player to crash by getting the targeted user to open a malicious WRF file.
The networking giant published four additional advisories describing WebEx vulnerabilities on Wednesday. These weaknesses have also been rated “medium severity” and they include cross-site scripting (XSS) and URL redirection vulnerabilities in WebEx Meeting Center, an information disclosure bug in Event Center, and a flaw that can be exploited to modify the greeting message in Meeting Server.