Vulnerability Description
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Webex Player | < 3.0 |
| Cisco | Webex Network Recording Player | < 3.0 |
Related Weaknesses (CWE)
References
- https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98259Vendor Advisory
- https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98259Vendor Advisory
FAQ
What is CVE-2020-3321?
CVE-2020-3321 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition f...
How severe is CVE-2020-3321?
CVE-2020-3321 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-3321?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Webex Player, Cisco Webex Network Recording Player.