The IT and networking giant Cisco has outlined multiple vulnerabilities in its Webex, SD-WAN, and ASR 5000 devices, that could potentially allow an arbitrary code execution by the attackers for the legitimate reason.
Although Cisco has provided patches for a wide range of vulnerabilities, particularly updates for high-risk issues in the widely used Webex Player, SD-WAN, and ASR 5000 Series.
A total of three flaws of high severity ( CVSS score of 7.8 ) have been addressed and patched for Windows and macOS in Webex Player, two of those also compromise the operating systems' Webex Network Recording Player.
The first bug, CVE-2021-1526, is a problem of memory degradation that can be exploited by arbitrary code on a vulnerable computer. Manipulated Webex Recording Format(WRF) files could misuse the vulnerabilities.
The problem affects the Cisco Webex Player for Windows and macOS launches before the 41.5 version of it but does not influence the Webex Network Recording Player.
Memory corruption problems that harm both the Webex Network Recording Player and Webex Player are indeed the following two vulnerabilities - the CVE-2021-1502 and the CVE-2021-1503 - on Windows and macOS both.
Both can be used to arbitrarily execute code on the system concerned. Both of these issues are resolved in version 41.4 of Webex player and Webex Network Recording Player.
In addition, recently, Cisco issued updates for SD-WAN software CVE-2021-1528 a high risk (CVSS score of 7.8), that might be used to get high privileges on a vulnerable server. This bug affects the SD-WAN versions 20.4 and 20.5 (vBond Orchestrator, vEdge Cloud, and vEdge Routers and vManage, vSmart Controller) but has been addressed with version ..
Support the originator by clicking the read the rest link below.
