March 24, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2019-0887 – Remote Desktop Services Remote Code Execution Vulnerability
August 8, 2019Rewterz Threat Advisory – CVE 2019-1895 – Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability
August 8, 2019Rewterz Threat Advisory – CVE-2019-0887 – Remote Desktop Services Remote Code Execution Vulnerability
August 8, 2019Rewterz Threat Advisory – CVE 2019-1895 – Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability
August 8, 2019
Severity
High
Analysis Summary
CVE 2019-1924, CVE 2019-1925, CVE 2019-1926
The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
Impact
Arbitrary code execution
Affected Vendors
Cisco
Affected Products
- Cisco Webex Business Suite sites
- Cisco Webex Meetings Online
- Cisco Webex Meetings Server
Remediation
Please see vendor’s advisory for more details
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-webex-player