BID:106704

Cisco WebEx Network Recording Player Multiple Remote Code Execution Vulnerabilities

CVE-2019-1637 | CVE-2019-1638 | CVE-2019-1639 | CVE-2019-1640 | CVE-2019-1641 |

Info

Cisco WebEx Network Recording Player Multiple Remote Code Execution Vulnerabilities

Bugtraq ID:	106704
Class:	Input Validation Error
CVE:	CVE-2019-1638 CVE-2019-1639 CVE-2019-1640 CVE-2019-1641 CVE-2019-1637
Remote:	Yes
Local:	No
Published:	Jan 23 2019 12:00AM
Updated:	Jan 23 2019 12:00AM
Credit:	Zero Day Initiative, Kushal Arvind Shah and Yonghui Han of Fortinet.
Vulnerable:	Cisco WebEx Player 0 Cisco WebEx Network Recording Player 0 Cisco WebEx Meetings Server 3.0MR2 Patch 1 Cisco WebEx Meetings Server 3.0MR2 Cisco WebEx Meetings Server 3.0MR1 Cisco WebEx Meetings Server 3.0 Patch 1 Cisco WebEx Meetings Server 3.0 Cisco WebEx Meetings Server 2.8 MR2 Cisco WebEx Meetings Server 2.8 Cisco WebEx Meetings Server 0 Cisco Webex Meetings Online 1.3.37 Cisco Webex Meetings Online 1.3.35 Cisco Webex Meetings Online 0 Cisco WebEx Business Suite WBS33.4 Cisco WebEx Business Suite WBS33 Cisco WebEx Business Suite WBS32.15.20 Cisco WebEx Business Suite WBS32

Not Vulnerable:	Cisco WebEx Meetings Server 3.0 MR2 SP2 Cisco WebEx Meetings Server 2.8 MR3 SP1 Cisco Webex Meetings Online 1.3.40 Cisco WebEx Business Suite WBS33.7.0 Cisco WebEx Business Suite WBS33.6.1 Cisco WebEx Business Suite WBS32.15.33

Discussion

Cisco WebEx Network Recording Player Multiple Remote Code Execution Vulnerabilities

Cisco WebEx Network Recording Player is prone to multiple remote code-execution vulnerabilities.

Successfully exploiting these issues will allow attackers to execute arbitrary code within the context of the application.

These issues are being tracked by Cisco Bug IDs CSCvm65148, CSCvm65207, CSCvm65741, CSCvm65747, CSCvm65794, CSCvm65798, CSCvm86137, CSCvm86143, CSCvm86148, CSCvm86157, CSCvm86160, and CSCvm86165.

Exploit / POC

Cisco WebEx Network Recording Player Multiple Remote Code Execution Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Cisco WebEx Network Recording Player Multiple Remote Code Execution Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Cisco WebEx Network Recording Player Multiple Remote Code Execution Vulnerabilities

References:

Cisco Homepage (Cisco )
Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities (Cisco)