Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players

  • Multiple vulnerabilities exist in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit these vulnerabilities by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user.

    The Cisco WebEx players are applications that are used to play back WebEx meeting recordings that have been recorded by an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server.

    Cisco has updated affected versions of the Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF and WRF Players to address these vulnerabilities. There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players

Affected Products
  • Vulnerable Products

    The vulnerabilities disclosed in this advisory affect the Cisco WebEx ARF Player and the Cisco WebEx WRF Player. The following client builds of Cisco WebEx Business Suite (WBS30, WBS31, and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected by at least one of the vulnerabilities described in this advisory:

    • Cisco WebEx Business Suite (WBS30) client builds prior to T30.20
    • Cisco WebEx Business Suite (WBS31) client builds prior to T31.14.1
    • Cisco WebEx Business Suite (WBS32) client builds prior to T32.2
    • Cisco WebEx Meetings with client builds prior to T31.14
    • Cisco WebEx Meetings Server builds prior to 2.7MR3

    To determine whether a Cisco WebEx meeting site is running an affected version of the WebEx client build, users can log in to their Cisco WebEx meeting site and go to the Support > Downloads section. The version of the WebEx client build will be displayed on the right side of the page under About Meeting Center. See the “Fixed Software” section for details.

    Alternatively, version information of the Cisco WebEx meeting client can be accessed from within the Cisco WebEx meeting client. Version information for the Cisco WebEx meeting client on Windows and Linux platforms can be viewed by choosing Help > About Cisco WebEx Meeting Center. Version information for the Cisco WebEx meeting client on Mac platforms can be viewed by choosing Meeting Center > About Cisco WebEx Meeting Center.

    The Cisco WebEx software updates are cumulative in client builds. For example, if client build 30.32.16 is fixed, build 30.32.17 will contain updated software. Cisco WebEx site administrators have access to secondary version nomenclature, for example, T30 SP32 EP 16, which shows that the server is running client build 30.32.16.
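
    The build comparison described above can be scripted for an endpoint inventory. The following is an added example, not part of the Cisco advisory: the product labels, host names, and sample builds are constructed, and it assumes that missing version components count as 0 and that Meetings Server builds are written as on this page (for example, 2.7MR3).

```python
import re

# Fixed-build thresholds from the advisory's affected-builds list.
# The dictionary keys are labels chosen for this example.
FIXED = {
    "WBS30": (30, 20, 0),
    "WBS31": (31, 14, 1),
    "WBS32": (32, 2, 0),
    "Meetings": (31, 14, 0),
    "MeetingsServer": (2, 7, 3),  # 2.7MR3
}

PATTERNS = [
    r"T?(\d+)\.(\d+)(?:\.(\d+))?",             # T31.14.1, 30.32.16, T32.2
    r"T(\d+)\s*SP\s*(\d+)(?:\s*EP\s*(\d+))?",  # T30 SP32 EP 16 -> 30.32.16
    r"(\d+)\.(\d+)\s*MR\s*(\d+)",              # 2.7MR3 (assumed spelling)
]

def parse_build(text):
    """Normalise a build string to a 3-tuple of ints; missing parts are 0."""
    s = text.strip().upper()
    for pattern in PATTERNS:
        m = re.fullmatch(pattern, s)
        if m:
            return tuple(int(g or 0) for g in m.groups())
    raise ValueError(f"unrecognised build string: {text!r}")

def is_affected(product, build):
    """True when build is prior to the fixed build listed for product."""
    fixed = FIXED[product]
    parsed = parse_build(build)
    # Guard added for this example: a WBS train label must match the build's
    # major number, so a T31 build is never compared with the WBS30 threshold.
    if product.startswith("WBS") and parsed[0] != fixed[0]:
        raise ValueError(f"{build!r} is not a {product} build")
    return parsed < fixed

def audit(inventory):
    """Return the (host, product, build) rows that still need the update."""
    return [row for row in inventory if is_affected(row[1], row[2])]

# Constructed sample inventory; hosts and builds are made up for illustration.
SAMPLE = [
    ("ws-01", "WBS30", "T30 SP32 EP 16"),
    ("ws-02", "WBS31", "T31.14"),
    ("ws-03", "WBS32", "T32.2"),
    ("ws-04", "Meetings", "T31.13.5"),
    ("cwms-01", "MeetingsServer", "2.7MR2"),
]
```

    Calling audit(SAMPLE) returns the rows whose build is prior to the fixed build for that product; a build string in an unrecognised format raises ValueError instead of being silently treated as patched.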




    Note: Customers who do not receive automatic software updates may be running versions of Cisco WebEx that have reached end of software maintenance and should contact customer support.

    Products Confirmed Not Vulnerable

    No other Cisco products are currently known to be affected by these vulnerabilities.
Details
  • The Cisco WebEx Business Suite (WBS) meeting services and Cisco WebEx Meetings are a hosted multimedia conferencing solution that is managed and maintained by Cisco WebEx. The Cisco WebEx Meetings Server is a multimedia conferencing solution that customers can host in their private clouds.

    The ARF and WRF file formats are used to store WebEx meeting recordings that have been recorded on a WebEx meeting site, or on the computer of an online meeting attendee.

    The Cisco WebEx ARF Player and the Cisco WebEx WRF Player are applications that are used to play back and edit WebEx ARF and WRF recording files (files with .arf and .wrf extensions).

    The Cisco WebEx ARF Player and Cisco WebEx WRF Player can be automatically installed when a user accesses a recording file that is hosted on a WebEx meeting site (for streaming playback mode). The Cisco WebEx ARF Player and Cisco WebEx WRF Player can also be manually installed after downloading the application from http://www.webex.com/play-webex-recording.html to play back recording files for offline playback.

    The Cisco WebEx ARF Player is available for all Cisco WebEx meeting site clients (WBS30, WBS31, WBS32, and WebEx Meetings) and for Cisco WebEx Meetings Server clients. The Cisco WebEx WRF Player is only available for Cisco WebEx WBS30, WBS31, and WBS32 meeting site clients and is not available for the Cisco WebEx Meetings or Cisco WebEx Meetings Server clients.

Workarounds
  • There are no workarounds that address these vulnerabilities. However, it is possible to remove all WebEx software completely from a system using the Meeting Services Removal Tool (for Microsoft Windows users) or Mac WebEx Meeting Application Uninstaller (for Apple Mac OS X users) available for download from the Cisco Collaboration Help for Cisco Spark, WebEx, and Jabber article at https://collaborationhelp.cisco.com/article/en-us/WBX000026396.

    Removal of the WebEx software from a Linux or UNIX-based system can be accomplished by following the steps in the Cisco Collaboration Help for Cisco Spark, WebEx, and Jabber article: https://collaborationhelp.cisco.com/article/en-us/WBX28548.

    CVE Numbers

    CVE-2017-12367
    CVE-2017-12368
    CVE-2017-12369
    CVE-2017-12370
    CVE-2017-12371
    CVE-2017-12372

Further Details

Click here – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players


