CVE-2020-3321

LOW

Cisco Webex Player and Network Recording Player - Denial of Service via Malicious ARF or WRF File

Title source: llm

Description

A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98259

Scores

CVSS v3 3.3

EPSS 0.0053

EPSS Percentile 67.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (6)

cisco/webex_network_recording_player 3.0 (3 CPE variants)

cisco/webex_network_recording_player 4.0 (3 CPE variants)

cisco/webex_network_recording_player < 3.0

cisco/webex_player 3.0 (3 CPE variants)

cisco/webex_player 4.0 (3 CPE variants)

cisco/webex_player < 3.0

Published Jun 03, 2020

Tracked Since Feb 18, 2026