CVE-2020-3322

CVE Database · CVE-2020-3322

CVE-2020-3322

· LOWModified

CVSS v3.1

3.3

EPSS

0.66%

Published

Jun 3, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (2)

cisco · webex_network_recording_playervulnerable

cisco · webex_playervulnerable

References (2)

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98269

Vendor Advisory

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98269

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs