Cisco has released free updates that address the described in this advisory. Customers may only install and expect support for versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such upgrades, customers agree to follow the terms of the Cisco license:

https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Customers Without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

Fixed Releases

The following versions of the Cisco Recording available from the Cisco Webex Meetings Suite sites (WBS32, WBS33), Cisco Webex Meetings Online site, and Cisco Webex Meetings Server address all the vulnerabilities described in this advisory:

  • Cisco Webex Meetings Suite (WBS32) – Cisco Webex Network Recording Player versions WBS32.15.10 and later
  • Cisco Webex Meetings Suite (WBS33) – Cisco Webex Network Recording Player versions WBS33.3 and later
  • Cisco Webex Meetings Online – Webex Network Recording Player versions 1.3.37 and later
  • Cisco Webex Meetings Server – Webex Network Recording Player versions 3.0MR2 and later

The Cisco Webex Network Recording Player (for .arf files) will be automatically upgraded to the latest, non-vulnerable version when access a recording file that is hosted on a Cisco Webex Meetings site that contains the versions previously specified. will need to manually uninstall the Cisco Webex Player and get the updated version of the Cisco Webex Player from http://www.webex.com/play-webex-recording.html or from a Cisco Webex Meetings site specified previously.

Note: Customers on lockdown sites will not automatically get updated versions of the Cisco Webex Network Recording Player. Contact Webex Support to update a Cisco Webex site and get the updated version of the Cisco Webex Recording Players from http://www.webex.com/play-webex-recording.html.

Customers are advised to upgrade to an appropriate release as indicated in the following table:

Cisco ID Fixed Releases
WBS32 WBS33 Webex Meetings Server Webex Meetings Online
CVE-2018-15414
 CSCvj63717  32.15.10 or later  33.3 or later    
 CSCvj63724      3.0MR2  
 CSCvj637        1.3.37
CVE-2018-15421
 CSCvj67334  32.15.10 or later  33.3 or later    
 CSCvj67339      3.0MR2  
 CSCvj67344  

 

   1.3.37
CVE-2018-15422
 CSCvj63665  32.15.10 or later  33.3 or later    
 CSCvj63672      3.0MR2  
 CSCvj63676        1.3.37



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here