Security News > 2021 > June > Cisco Plugs High-Risk Security Flaws in Webex, SD-WAN

Cisco Plugs High-Risk Security Flaws in Webex, SD-WAN
2021-06-03 17:05

Enterprise security vendor Cisco has shipped fixes for a wide range of severity vulnerabilities, including patches for high-risk flaws in the widely deployed Webex Player, SD-WAN software, and ASR 5000 series software.

A total of three high-severity vulnerabilities were patched in Webex Player for Windows and macOS, two of which also affect the Webex Network Recording Player for those operating systems.

The issue affects Cisco Webex Player for Windows and MacOS releases prior to version 41.5, but does not impact the Webex Network Recording Player.

The next two vulnerabilities - CVE-2021-1502 and CVE-2021-1503 - are memory corruption bugs that impact both Webex Network Recording Player and Webex Player, on both Windows and macOS. Both could be exploited to achieve arbitrary code execution on an affected system.

Both flaws are addressed in Webex Network Recording Player and Webex Player releases 41.4 and later.

This week, Cisco also published information on multiple medium risk vulnerabilities impacting various products from its portfolio, including Webex Meetings, Webex Player, ThousandEyes Recorder, Video Surveillance 7000 series IP cameras, and Common Services Platform Collector.


News URL

http://feedproxy.google.com/~r/securityweek/~3/m6WnZ_TRu6E/cisco-plugs-high-risk-security-flaws-webex-sd-wan

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-06-04 CVE-2021-1503 Out-of-bounds Write vulnerability in Cisco Webex Meetings Server and Webex Player
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system.
local
low complexity
cisco CWE-787
7.8
2021-06-04 CVE-2021-1502 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system.
local
low complexity
cisco CWE-119
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1771 1669 288 3749