Security News > 2021 > June > Cisco Plugs High-Risk Security Flaws in Webex, SD-WAN
Enterprise security vendor Cisco has shipped fixes for a wide range of severity vulnerabilities, including patches for high-risk flaws in the widely deployed Webex Player, SD-WAN software, and ASR 5000 series software.
A total of three high-severity vulnerabilities were patched in Webex Player for Windows and macOS, two of which also affect the Webex Network Recording Player for those operating systems.
The issue affects Cisco Webex Player for Windows and MacOS releases prior to version 41.5, but does not impact the Webex Network Recording Player.
The next two vulnerabilities - CVE-2021-1502 and CVE-2021-1503 - are memory corruption bugs that impact both Webex Network Recording Player and Webex Player, on both Windows and macOS. Both could be exploited to achieve arbitrary code execution on an affected system.
Both flaws are addressed in Webex Network Recording Player and Webex Player releases 41.4 and later.
This week, Cisco also published information on multiple medium risk vulnerabilities impacting various products from its portfolio, including Webex Meetings, Webex Player, ThousandEyes Recorder, Video Surveillance 7000 series IP cameras, and Common Services Platform Collector.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-04 | CVE-2021-1503 | Out-of-bounds Write vulnerability in Cisco Webex Meetings Server and Webex Player A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. | 7.8 |
2021-06-04 | CVE-2021-1502 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. | 7.8 |