Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2019-1637 | First vendor Publication | 2019-01-23 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 7.8 | ||
| Base Score | 7.8 | Environmental Score | 7.8 |
| impact SubScore | 5.9 | Temporal Score | 7.8 |
| Exploitabality Sub Score | 1.8 | ||
| Attack Vector | Local | Attack Complexity | Low |
| Privileges Required | None | User Interaction | Required |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1637 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 5 | |
| Application | 2 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-12-05 | Cisco WebEx Network Recording Player memory corruption attempt RuleID : 48959 - Revision : 2 - Type : FILE-OTHER |
| 2020-12-05 | Cisco WebEx Network Recording Player memory corruption attempt RuleID : 48958 - Revision : 2 - Type : FILE-OTHER |
| 2020-12-05 | Cisco WebEx Network Recording Player memory corruption attempt RuleID : 48957 - Revision : 1 - Type : FILE-OTHER |
| 2020-12-05 | Cisco WebEx Network Recording Player memory corruption attempt RuleID : 48956 - Revision : 1 - Type : FILE-OTHER |
| 2020-12-05 | Cisco WebEx Network Recording Player memory corruption attempt RuleID : 48955 - Revision : 1 - Type : FILE-OTHER |
| 2020-12-05 | Cisco WebEx Network Recording Player memory corruption attempt RuleID : 48954 - Revision : 1 - Type : FILE-OTHER |
| 2020-12-05 | Cisco WebEx Network Recording Player memory corruption attempt RuleID : 48953 - Revision : 1 - Type : FILE-OTHER |
| 2020-12-05 | Cisco WebEx Network Recording Player memory corruption attempt RuleID : 48952 - Revision : 1 - Type : FILE-OTHER |
| 2020-12-05 | Cisco WebEx Network Recording Player memory corruption attempt RuleID : 48951 - Revision : 1 - Type : FILE-OTHER |
| 2020-12-05 | Cisco WebEx Network Recording Player memory corruption attempt RuleID : 48950 - Revision : 1 - Type : FILE-OTHER |
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 13:28:12 |
|
| 2021-05-04 13:29:26 |
|
| 2021-04-22 02:43:52 |
|
| 2020-12-05 21:23:47 |
|
| 2020-05-23 02:26:03 |
|
| 2019-10-10 05:20:59 |
|
| 2019-01-29 00:18:53 |
|
| 2019-01-25 17:19:27 |
|
| 2019-01-24 05:19:25 |
|
