Executive Summary

Summary
TitleCisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities
Informations
Namecisco-sa-20181003-webex-rceFirst vendor Publication2018-10-03
VendorCiscoLast vendor Modification2018-10-03
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.

The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce"]

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJbtOqzXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczgp8QAKTnNf9mXE/QSNtnIDNG+42XnYZ0 haitdS6VV07gL67tW5+GAoJiiwQfNTcSOVreBXnxdGCgS05H4hH3F3Ml2uNFnAtY p0/BeEv3e2r9nER9Pw3D5xU4qlFWHSD+fm17l9OemI6MMaerWMOvhOT6T3mQwrPf HxQeUtRg0i1lb6XfRB2svUOfXkB+W2cJYjT7jE5NhAWyPTEqTm/MmMgIehSE4pCJ HAYSJImwSDZ7eju3FSHTeSgl6LmfsO27LmCmI6Mwt8YWPqukp0YChxPFEYjooj0C JmNzwa2Kd+33Yif1rb2q6rFugracZ522OOxZtesRMBe6q2mktepT3sirvIWpzcpg tJdRq6ptpMxiOzNhJlR7fmaKkAy/q2MB6+K6FG2ZlAf4+dkUn2nm+p3tCUyHHUMf 23Zqv3qIwMMm5SfVmvONEHcuDWwU58qppMAoXBYKN1rajw5eVOXW2gu43yEgfOv5 Jm4LQpnCA4S+W83ALos10THEC24UMZawqeGgsJn6DMKl9HpEP2WYGf1Y+8U9/8FG 4c8b/7XELV2ld6C2gyM9GVJ6Xej3Jccaq/BFL1NSgmUxeSWtVjeYzRJGxol46Xyx flbNejnIZiIxWqKx8Eca/9SnSGtw8Ko/VlHhw7R36yW1jNGL1Ni06mrebFpq4shq Zf68eBbHCu41eu+i =BtSy END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

%idName
85 %CWE-20Improper Input Validation
15 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application25
Application3
Application4
Application2
Application21

Alert History

If you want to see full details history, please login or register.
0
1
2
3
DateInformations
2018-11-21 21:22:55
  • Multiple Updates
2018-11-20 21:21:03
  • Multiple Updates
2018-10-05 21:21:50
  • Multiple Updates
2018-10-03 21:19:38
  • First insertion