Lucene search

CiscoCVE-2019-15285

HistorySep 23, 2020 - 1:15 a.m.

CVE-2019-15285

2020-09-2301:15:12

CWE-119

cisco

web.nvd.nist.gov

cisco

webex

network

recording

player

microsoft windows

vulnerability

remote code execution

arf

wrf

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

31.4%

JSON

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

Affected configurations

Nvd

Node

ciscowebex_meetingsRange39.5.0–39.5.12

ciscowebex_meetings_onlineRange<1.3.44

ciscowebex_meetings_onlineMatch32.11

ciscowebex_meetings_onlineMatch39.4.0

ciscowebex_meetings_onlineMatcht32.9

ciscowebex_meetings_onlineMatcht39.3

ciscowebex_meetings_onlineMatcht39.6.0

ciscowebex_meetings_serverMatch3.0maintenance_release2

ciscowebex_meetings_serverMatch4.0-

AND

microsoftwindowsMatch-

VendorProductVersionCPE
ciscowebex_meetings*cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*
ciscowebex_meetings_online*cpe:2.3:a:cisco:webex_meetings_online:*:*:*:*:*:*:*:*
ciscowebex_meetings_online32.11cpe:2.3:a:cisco:webex_meetings_online:32.11:*:*:*:*:*:*:*
ciscowebex_meetings_online39.4.0cpe:2.3:a:cisco:webex_meetings_online:39.4.0:*:*:*:*:*:*:*
ciscowebex_meetings_onlinet32.9cpe:2.3:a:cisco:webex_meetings_online:t32.9:*:*:*:*:*:*:*
ciscowebex_meetings_onlinet39.3cpe:2.3:a:cisco:webex_meetings_online:t39.3:*:*:*:*:*:*:*
ciscowebex_meetings_onlinet39.6.0cpe:2.3:a:cisco:webex_meetings_online:t39.6.0:*:*:*:*:*:*:*
ciscowebex_meetings_server3.0cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*
ciscowebex_meetings_server4.0cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	webex_meetings	*	cpe:2.3:a:cisco:webex_meetings::::::::
cisco	webex_meetings_online	*	cpe:2.3:a:cisco:webex_meetings_online::::::::
cisco	webex_meetings_online	32.11	cpe:2.3:a:cisco:webex_meetings_online:32.11:::::::*
cisco	webex_meetings_online	39.4.0	cpe:2.3:a:cisco:webex_meetings_online:39.4.0:::::::*
cisco	webex_meetings_online	t32.9	cpe:2.3:a:cisco:webex_meetings_online:t32.9:::::::*
cisco	webex_meetings_online	t39.3	cpe:2.3:a:cisco:webex_meetings_online:t39.3:::::::*
cisco	webex_meetings_online	t39.6.0	cpe:2.3:a:cisco:webex_meetings_online:t39.6.0:::::::*
cisco	webex_meetings_server	3.0	cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2::::::
cisco	webex_meetings_server	4.0	cpe:2.3:a:cisco:webex_meetings_server:4.0:-::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

CNA Affected

[
  {
    "product": "Cisco WebEx WRF Player",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-webex-player

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

31.4%

JSON

Related for CVE-2019-15285