CVE-2020-3573: 
Cisco Webex Meetings vulnerability analysis and mitigation

A vulnerability in Cisco WebEx Network Recording Player's Advanced Recording Format (ARF) file parsing was discovered and assigned CVE-2020-3573. The vulnerability was reported on June 5, 2020, and publicly disclosed on November 10, 2020. This security flaw affects Cisco WebEx Meetings installations, specifically version 40.7.0 and potentially other versions (ZDI Advisory, ManageEngine DB).

The vulnerability stems from insufficient validation of certain elements within Webex recordings stored in the Advanced Recording Format. Specifically, the flaw exists within the parsing of ARF files and results from the lack of proper initialization of a pointer prior to accessing it. The vulnerability has been assigned a CVSS score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating its high severity (ZDI Advisory).

If successfully exploited, this vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco WebEx Network Recording Player. The attacker can leverage this vulnerability to execute code in the context of the current process, potentially leading to complete system compromise (ZDI Advisory).

Cisco has released an update to address this vulnerability. The recommended solution involves updating to version 43.12.1.7 or later of the WebEx application (ManageEngine DB, Cisco Advisory).