Executive Summary
Summary | |
---|---|
Title | Cisco WebEx Meetings Player Arbitrary Code Execution |
Informations | |||
---|---|---|---|
Name | cisco-sa-20160831-meetings-player | First vendor Publication | 2016-08-31 |
Vendor | Cisco | Last vendor Modification | 2016-08-31 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in Cisco WebEx Player could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper handling of user-supplied files. An attacker could exploit this vulnerability by persuading a user to open a malicious file using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the system with the privileges of the user. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player BEGIN PGP SIGNATURE iQIVAwUBV8blLK89gD3EAJB5AQI1zxAAx6XCth6kJKS7dwSUct2Bg0hBpw3oazvO k3H4mFLRgtAx4wX/bR3xoF3z8Fl2X2hdiZRZoulssR3biRfsGhbNvIhXewkRbzcB DQGA4LLo+XcCu+5mIYhpChTo1ncgBFtku7S0KI7lfTXEAxqQEflt2o5D3LzmTv19 c6R39nnyHQ3guY+7kggEo2TlggSe1SUFBKw2h7k1Rsc422y+d7l4tyLrNbx6tdqm r97LkpvghekSF8HQBB+rW/sc3h4qf3zIEuvVuuzFay+JVFChSObh3l2WHJyU4j8O 7SlqTzpNvb/19D3byKSTLVSEcadCTus1J4iGJCSQv3tN6EdS2Bm8aRNvg4G4BPXw kbtS9IEJDg2wFiGte7gWfpfLBhAhgG9FPNcPHzZRjRxIx/OgkGpiPQCuHarOv7Fg LlXs6GR+cZtn+A9yoohTV4RfXjvfNPUb1+w9jGaRTf5dWtg/XzP3NO7bwftfxAZ2 7nYMvXh95tic1Dm2CKjTCzlgV6kUVyIH2EmUKdvX52GEUcmKhY9A6ZHeCh2gXRcc HKOuyY5mmDau5HCI1AV0TROzvZTZO15Em0EePWmKnwt46Z+lzoh3vZWRe839qoSQ n4stxK0hTEVClEkQwj50GZ0XhZlm69m6xwcUEKNmbkc0Tr2jQuKkwLd8ra4pmMnK bWi/tKyx2Lg= =0pHi END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Alert History
Date | Informations |
---|---|
2016-09-06 21:21:46 |
|
2016-09-04 05:25:31 |
|
2016-08-31 21:25:25 |
|