CVE-2018-15418
HIGHCisco Webex Meetings Online < 1.3.37 - Remote Code Execution via Malicious ARF/WRF File
Title source: llmDescription
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041795
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105520
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce
Scores
CVSS v3
7.8
EPSS
0.0202
EPSS Percentile
78.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-191
CWE-20
Status
published
Products (10)
cisco/webex_business_suite_31
< 31.23.0
cisco/webex_business_suite_32
< 32.15.10
cisco/webex_business_suite_33
< 33.5
cisco/webex_meetings_online
< 1.3.37
cisco/webex_meetings_server
2.5 maintenance_release2_patch1 (5 CPE variants)
cisco/webex_meetings_server
2.5.1.29
cisco/webex_meetings_server
2.6 (5 CPE variants)
cisco/webex_meetings_server
2.7 (4 CPE variants)
cisco/webex_meetings_server
2.7.1
cisco/webex_meetings_server
2.8 (2 CPE variants)
Published
Oct 05, 2018
Tracked Since
Feb 18, 2026