Cisco.Webex.CVE-2020-3194.Memory.Corruption
Description
This indicates an attack attempt against a Memory Corruption vulnerability in Cisco Webex Network Recording Player and Webex Player.
The vulnerability is caused by an error when the vulnerable software handles a crafted ARF file. A remote attacker may be able to exploit this to execute arbitrary code within the context of the user, via a crafted ARF file.
Affected Products
Cisco Webex Meetings sites - All Webex Network Recording Player and Webex Player releases earlier than Release WBS 39.5.18 or Release WBS 40.2
Cisco Webex Meetings Online sites - All Webex Network Recording Player and Webex Player releases earlier than Release 1.3.48
Cisco Webex Meetings Server - All Webex Network Recording Player releases earlier than Release 4.0MR3
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the latest update from the vendor.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |