CVE-2019-1771

HIGH

Cisco Webex Network Recording Player and Webex Player - Remote Code Execution via Malicious ARF or WRF File

Title source: llm

Description

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system.

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/108373

Scores

CVSS v3 7.8

EPSS 0.0051

EPSS Percentile 39.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-119

Status published

Products (5)

cisco/webex_business_suite < 39.2.205

cisco/webex_business_suite_lockdown < 33.6.11

cisco/webex_meetings_online < 1.3.42

cisco/webex_meetings_server 2.8\(1\)

cisco/webex_meetings_server 3.0\(1\)

Published May 15, 2019

Tracked Since Feb 18, 2026