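Cisco Webex: Security Advisory for Multiple High-Severity Vulnerabilities
Published: 2019-01-25
Vulnerability IDs and Severity
CVE ID: CVE-2019-1637, severity: High, CVSS score: vendor self-assessed 7.8, official score not yet assigned
CVE ID: CVE-2019-1638, severity: High, CVSS score: vendor self-assessed 7.8, official score not yet assigned
CVE ID: CVE-2019-1639, severity: High, CVSS score: vendor self-assessed 7.8, official score not yet assigned
CVE ID: CVE-2019-1640, severity: High, CVSS score: vendor self-assessed 7.8, official score not yet assigned
CVE ID: CVE-2019-1641, severity: High, CVSS score: vendor self-assessed 7.8, official score not yet assigned
Affected Scope
Affected products: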
Cisco Webex Business Suite WBS32 sites — All Webex Network Recording Player and Webex Player versions prior to Version WBS32.15.33
Cisco Webex Business Suite WBS33 sites — All Webex Network Recording Player and Webex Player versions prior to Version WBS33.6.1 or WBS 33.7.0
Cisco Webex Meetings Online — All Webex Network Recording Player and Webex Player versions prior to Version 1.3.40
Cisco Webex Meetings Server — All Webex Network Recording Player versions prior to Version 2.8MR3 SecurityPatch1 or 3.0MR2 SecurityPatch2
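Vulnerability Overview
Cisco Webex Business Suite WBS32 sites and the other products listed above are video conferencing solutions from the US company Cisco. Cisco Webex Network Recording Player and Webex Player are the players in these products used to play back video conference recordings.
Multiple vulnerabilities in Cisco Webex Network Recording Player and Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities stem from the program improperly validating ARF and WRF files. An attacker could send a malicious ARF or WRF file through a link or an email attachment and persuade the user to open it, exploiting the vulnerability to execute arbitrary code on the affected system.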
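Because the overview names email attachments as a delivery path for ARF and WRF files, the following added example (not part of the original advisory or of any Cisco tooling) lists such attachments in a raw message so they can be held for review. It matches on file name only; the function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# File types named in the advisory; matching is by file name only.
RECORDING_EXTS = (".arf", ".wrf")


def recording_attachments(raw_bytes):
    """Return the file names of ARF/WRF parts anywhere in the MIME tree."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    # walk() also descends into forwarded messages (message/rfc822 parts).
    for part in msg.walk():
        name = part.get_filename()  # decodes RFC 2231 encoded names
        # Windows ignores trailing dots and spaces, so strip them first.
        if name and name.rstrip(". ").lower().endswith(RECORDING_EXTS):
            hits.append(name)
    return hits


def constructed_sample():
    """Constructed test message: one direct and one forwarded recording."""
    inner = EmailMessage()
    inner["Subject"] = "Fwd: recording"
    inner.set_content("see attached")
    inner.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="会议录制.wrf")
    outer = EmailMessage()
    outer["Subject"] = "Meeting recording"
    outer.set_content("Please open the recording.")
    outer.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="Q4-review.ARF")
    outer.add_attachment(b"%PDF-", maintype="application",
                         subtype="pdf", filename="agenda.pdf")
    outer.add_attachment(inner)  # becomes a message/rfc822 part
    return outer.as_bytes()


if __name__ == "__main__":
    for name in recording_attachments(constructed_sample()):
        print("recording attachment:", name)
```

A hit says only that a recording file is present, not that it is malicious; the fix remains the player update listed under the remediation section.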
Remediation
The vendor has released patches that fix the vulnerabilities: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce
Cisco Webex Business Suite WBS32 sites — Webex Network Recording Player and Webex Player Versions WBS32.15.33 and later
Cisco Webex Business Suite WBS33 sites — Webex Network Recording Player and Webex Player Versions WBS33.6.1 and later
Cisco Webex Meetings Online — Webex Network Recording Player and Webex Player Versions 1.3.40 and later
Cisco Webex Meetings Server — Webex Network Recording Player Versions 2.8MR3 SecurityPatch1 or 3.0MR2 SecurityPatch2 and later
Reference Links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce