Lucene search

[email protected]CVE-2018-0379

HistoryJul 18, 2018 - 11:29 p.m.

CVE-2018-0379

2018-07-1823:29:00

CWE-119

[email protected]

web.nvd.nist.gov

cisco

webex

network recording player

arf

wrf

vulnerabilities

arbitrary code execution

exploitation

cisco bug ids

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

JSON

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could allow arbitrary code execution on the system of a targeted user. These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server. Cisco Bug IDs: CSCvi02621, CSCvi02965, CSCvi63329, CSCvi63333, CSCvi63335, CSCvi63374, CSCvi63376, CSCvi63377, CSCvi63391, CSCvi63392, CSCvi63396, CSCvi63495, CSCvi63497, CSCvi63498, CSCvi82684, CSCvi82700, CSCvi82705, CSCvi82725, CSCvi82737, CSCvi82742, CSCvi82760, CSCvi82771, CSCvj51284, CSCvj51294.

Affected configurations

NVD

Node

ciscowebex_meetings_onlineRange<1.3.35

ciscowebex_meetings_onlineMatch1.3.35

Node

ciscowebex_business_suiteRange31.0–31.23

ciscowebex_business_suiteRange32.0–32.15

ciscowebex_business_suiteRange33.0–33.2

ciscowebex_business_suiteMatch31.23

ciscowebex_business_suiteMatch32.15

ciscowebex_business_suiteMatch33.0.6

ciscowebex_business_suiteMatch33.1.1

ciscowebex_business_suiteMatch33.2

Node

ciscowebex_meeting_serverMatch3.0mr1

CPENameOperatorVersion
cisco:webex_meetings_onlinecisco webex meetings onlinelt1.3.35

CPE	Name	Operator	Version
cisco:webex_meetings_online	cisco webex meetings online	lt	1.3.35

CNA Affected

[
  {
    "product": "Cisco Webex Network Recording Players unknown",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Webex Network Recording Players unknown"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104853

www.securitytracker.com/id/1041347

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-rce

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

JSON

Related for CVE-2018-0379

zdi12 prion1 cvelist1 nvd1 cisco1