Security News
Cisco Webex Player, which is used to play back Webex Recording Format (WRF) files on the Windows OS, is also affected. WRF files contain audio and video recordings, typically used for demonstrations, training and conferencing. While Cisco did not detail the technicalities of the vulnerabilities, it said in a Wednesday advisory: "An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system."
Cisco has released patches to address more than a dozen vulnerabilities across various products, including two code execution bugs in Webex Player that could be exploited remotely. Tracked as CVE-2020-3127 and CVE-2020-3128 and rated high severity, the issues stem from insufficient validation of elements within a Webex recording stored as ARF or WRF. To exploit the bugs, an attacker needs to send a malicious ARF or WRF file and trick the victim into opening the file on the local system, which could result in arbitrary code being executed with the privileges of the targeted user.
Cisco is introducing new AI-powered voice intelligence capabilities to Webex Meetings to help turn talk into action. The Cisco Webex Assistant for Webex Meetings is powered by technology from the recent Voicea acquisition, turning Webex meetings into a digital treasure trove.
Cisco has patched a critical bug that could give attackers unauthorised access to Firepower Management Centre, the device that controls all of its security products. Cisco's FMC is an administrative controller for the company's network security products, giving administrators access to firewalls, application controllers, intrusion prevention, URL filtering, and malware protection systems.
Cisco has confessed to a vulnerability in its Webex Meetings Suite sites and Webex Meetings Online sites that allowed an "unauthenticated" attendee sitting on a workstation far, far away to join a "password-protected meeting without providing the meeting password". According to the security advisory, which was rated as "High": "The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications."
Cisco on Friday informed customers that it has patched a vulnerability that allowed unauthorized users to join password-protected Webex meetings. The vulnerability, tracked as CVE-2020-3142 and classified as high severity, affected Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites, releases earlier than 39.11.5 and 40.1.3.
UPDATE. Cisco Systems has fixed a high-severity vulnerability in its popular Webex video conferencing platform, which could let strangers barge in on password-protected meetings - no authentication necessary. "The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications," Cisco said.
Cisco Systems has fixed two high-severity vulnerabilities in its products, including one in its popular Webex video conferencing platform that could enable a remote attacker to execute commands. The high-severity Webex flaw exists in the web-based management interface of Cisco Webex Video Mesh, a feature that enables on-premises infrastructure for video conferencing, to enhance audio, video and content.
Cisco has released a fresh batch of security updates for its networking and comms gear lines. The high-priority patch this month is the fix for CVE-2019-16009, a cross-site request forgery flaw in the web UI of Cisco IOS and Cisco IOS XE that can be exploited to steal credentials from users via malicious links.