CVE-2019-1637

HIGH

Cisco Webex Network Recording Player and Webex Player - Remote Code Execution via Malicious ARF or WRF File

Title source: llm

Description

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system.

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce

Third Party Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106704

Scores

CVSS v3 7.8

EPSS 0.0148

EPSS Percentile 70.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-119

Status published

Products (7)

cisco/webex_meetings_online 1.3.33

cisco/webex_meetings_online 1.3.39

cisco/webex_meetings_online t32.9

cisco/webex_meetings_online t33.3.5

cisco/webex_meetings_online t33.5.1

cisco/webex_meetings_server 3.0mr2 p1

cisco/webex_meetings_server t31 sp3

Published Jan 23, 2019

Tracked Since Feb 18, 2026