"Cisco.Webex.CVE-2020-3194.Memory.Corruption"
- 特征库ID:
48924
- 漏洞级别:
high
- CVE ID:
CVE-2020-3194
- 建议的动作:
drop
- 受影响的系统:
Windows
- 协议:
tcp
攻击漏洞描述
这表示针对 Cisco Webex Network Recording Player 和 Webex Player 中的内存损坏漏洞的攻击尝试。该漏洞是由易受攻击的软件处理精心制作的 ARF 文件时发生的错误引起的。远程攻击者可能能够利用此漏洞通过精心制作的 ARF 文件在用户上下文中执行任意代码。
影响范围
Cisco Webex Meetings sites - All Webex Network Recording Player and Webex Player releases earlier than Release WBS 39.5.18 or Release WBS 40.2
Cisco Webex Meetings Online sites - All Webex Network Recording Player and Webex Player releases earlier than Release 1.3.48
Cisco Webex Meetings Server - All Webex Network Recording Player releases earlier than Release 4.0MR3
可能带来的后果
系统被入侵:远程攻击者可以控制易受攻击的系统。
解决办法
应用供应商的最新更新。 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby
