Security Advisory: Multiple High-Severity Vulnerabilities in Cisco Webex

Published: 2019-01-25

Vulnerability IDs and Severity


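CVE ID: CVE-2019-1637, Severity: High, CVSS score: vendor-assessed 7.8; not officially scored

CVE ID: CVE-2019-1638, Severity: High, CVSS score: vendor-assessed 7.8; not officially scored

CVE ID: CVE-2019-1639, Severity: High, CVSS score: vendor-assessed 7.8; not officially scored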


CVE ID: CVE-2019-1640, Severity: High, CVSS score: vendor-assessed 7.8; not officially scored

CVE ID: CVE-2019-1641, Severity: High, CVSS score: vendor-assessed 7.8; not officially scored


Affected Scope


Affected products:

Cisco Webex Business Suite WBS32 sites — All Webex Network Recording Player and Webex Player versions prior to Version WBS32.15.33


Cisco Webex Business Suite WBS33 sites — All Webex Network Recording Player and Webex Player versions prior to Version WBS33.6.1 or WBS 33.7.0


Cisco Webex Meetings Online — All Webex Network Recording Player and Webex Player versions prior to Version 1.3.40


Cisco Webex Meetings Server — All Webex Network Recording Player versions prior to Version 2.8MR3 SecurityPatch1 or 3.0MR2 SecurityPatch2


Vulnerability Overview


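Cisco Webex Business Suite WBS32 sites and the other products listed above are video conferencing solutions from Cisco, a US company. Cisco Webex Network Recording Player and Webex Player are the players used in them to play back video conference recordings.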


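Multiple vulnerabilities in Cisco Webex Network Recording Player and Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities stem from the programs improperly validating ARF and WRF files. An attacker could send a malicious ARF or WRF file via a link or email attachment and persuade the user to open it, exploiting the vulnerability to execute arbitrary code on the affected system.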


Remediation


The vendor has released updates that fix the vulnerabilities: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce


Cisco Webex Business Suite WBS32 sites — Webex Network Recording Player and Webex Player Versions WBS32.15.33 and later


Cisco Webex Business Suite WBS33 sites — Webex Network Recording Player and Webex Player Versions WBS33.6.1 and later


Cisco Webex Meetings Online — Webex Network Recording Player and Webex Player Versions 1.3.40 and later


Cisco Webex Meetings Server — Webex Network Recording Player Versions 2.8MR3 SecurityPatch1 or 3.0MR2 SecurityPatch2 and later



References


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce