The Latest in IT Security

Cisco Warns of WebEx Player Security Vulnerabilities

09
May
2014

Switching and networking vendor Cisco is warning about serious security vulnerabilities in the Cisco WebEx Players used by businesses for recording and playback of meeting recordings.

In all, the company warned about five separate buffer overflow security flaws that exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players.

A hacker who successfully exploited these vulnerabilities could, in some instances, launch harmful code directly against a targeted user. A successful compromise could also cause the WebEx player to crash, Cisco warned in an advisory that carries a CVSS Base Score of 7.8.

The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx server.

The company has shipped patches for users of the Cisco WebEx Business Suite meeting sites, Cisco WebEx 11 meeting sites, Cisco WebEx Meetings Server, and Cisco WebEx WRF and ARF Players to address these vulnerabilities.

According to Cisco, updates are available for the following:

Cisco WebEx Business Suite (WBS29) client builds T29.2 or later

Cisco WebEx Business Suite (WBS28) client builds T28.12 or later

Cisco WebEx Business Suite (WBS27) client builds T27TLSP32EP16 (27.32.16) or later

Cisco WebEx 11 versions prior to 1.2.10 with client builds T28.12 or later

Cisco WebEx Meetings Server client builds 2.0.0.1677 or later

Cisco WebEx Meetings Server client builds Orion 2.0 or later

Tweet

Ryan is the host of the podcast series “Security Conversations – a podcast with Ryan Naraine”. He is the head of Kaspersky Lab’s Global Research & Analysis team in the USA and has extensive experience in computer security user education, specializing in operating system and third-party application vulnerabilities, zero-day attacks, social engineering and social networking threats. Prior to joining Kaspersky Lab, he monitored security and hacker attack trends for over 10 years, writing for eWEEK magazine and the ZDNet Zero Day blog. Follow Ryan on Twitter @ryanaraine.Previous Columns by Ryan Naraine:Cisco Warns of WebEx Player Security VulnerabilitiesPodcast: CrowdStrikes Adam Meyers Discusses Attacks Emanating from China, Russia and the Middle EastBlackBerry 10 Haunted by Adobe Flash VulnerabilitiesBoston Restaurant Group Confirms Credit Card Data TheftAffinity Gaming Credit Card, Debit Card System Hacked

sponsored links

Tags: Network Security

NEWS INDUSTRY

Incident Management

Phishing

Virus Malware

Malware

Vulnerabilities

Comments are closed.

Categories

TUESDAY, AUGUST 04, 2020
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments