PRUEBA AHORA
Vulnerability

Cisco Webex Vulnerability Detected In Multiple Products

3 min. read
04/06/2021
By Esben Dochy
Cisco-Webex-Vulnerability

Cisco released security updates to fix vulnerabilities for some of their products. If these Cisco Webex Player vulnerabilities aren’t patched, an attacker could take control of the affected system. We advise you to run our custom coded report to fix these high severity flaws.

⚡ TL;DR | Go Straight to the Cisco Webex Player Vulnerability Report.

CVE-2021-1503

This vulnerability exists in the Cisco Webex Network Recording Player and the Cisco Webex Player. It could allow to execute arbitrary code by the attacker. It’s caused due to insufficient validation of values in Webex recording files that are in the following formats: Advanced Recording Format (ARF) or Webex Recording Format (WRF).

CVE-2021-1526

A memory corruption vulnerability within the Cisco Webex Player could allow an attacker to execute arbitrary code on your affected system. Due to insufficient validation of values in Webex recording files that are in Webex Recording Format (WRF), an attacker could send a malicious WRF file to the user.

CVE-2021-1502

A vulnerability within Cisco Webex Network Recording Player and Cisco Webex player allow an attacker to execute arbitrary code on your system. Again, this is caused due to insufficient validation of values within Webex recording files formatted as Advanced Recording Format (ARF) or Webex Recording Format (WRF).

Want to run this Audit Report?

Start your Free Lansweeper Trial to run the Audit Report.

Try for Free

CVE-2021-1525

Cisco Webex Meetings and Cisco Webex Meetings Server contain a vulnerability that allows an unauthenticated and remote attacker to redirect users to a malicious file. It’s caused due to improper validation of URL paths in the application interface.

CVE-2021-1527

There is a vulnerability in Cisco Webex Player which allows an attacker to cause the affected software to shut down or to gain access to memory stat information that is linked to the vulnerable app. Insufficient validation of values in Webex recording files that are saved in Webex Recording Format (WRF).

CVE-2021-1517

A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server allows an authenticated, remote attacker to bypass security protections. This is caused due to unsafe handling of shared content within the viewer feature.

CVE-2021-1536

Cisco Webex Meetings Desketop App, Cisco Webex Meetings Server, Cisco Webex Network Recording Player and Cisco Webex Teams contain a vulnerability that allow an authenticated, local attacker to perform a DLL injection attack on your device. This can happen because of incorrect handling of directory paths at run time.

CVE-2021-1544

There is a vulnerability in logging mechanisms of Cisco Webex Meetings client software which allows an authenticated, local attacker to gain access to important information. It’s caused by unsafe logging of application actions.

Run Our Custom-Coded Webex Vulnerability Report

To help you quickly identify which Cisco Webex installation might be vulnerable and still need to be updated. We’ve created a special report that lists all your Cisco WebEx Recorder and Player installations and WebEx Network Recording Player along with the version. Additionally, it is color-coded to indicate whether you still need to update them or if they are safe. This makes it easy to keep an overview of which machines you still need to work on. Remember that cybersecurity remains an important item during these times.