CVE-2017-12369

CRITICAL

Cisco WebEx Network Recording Player - Buffer Overflow

Title source: llm

Description

A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve30208, CSCve30214, CSCve30268.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/102017

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1039895

Vendor Advisory x_refsource_confirm

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players

Scores

CVSS v3 9.6

EPSS 0.0215

EPSS Percentile 84.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-119 CWE-125

Status published

Products (5)

cisco/webex_meetings t29

cisco/webex_meetings t30

cisco/webex_meetings t31

cisco/webex_meetings t32

n/a/Cisco WebEx Recording Format and Advanced Recording Format Players Cisco WebEx Recording Format and Advanced Recording Format Players

Published Nov 30, 2017

Tracked Since Feb 18, 2026