Lucene search

CiscoCVE-2017-12359

HistoryNov 30, 2017 - 9:29 a.m.

CVE-2017-12359

2017-11-3009:29:01

CWE-119

cisco

web.nvd.nist.gov

cve-2017-12359

buffer overflow

cisco

webex

arf

arbitrary code execution

nvd

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

51.1%

JSON

A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could allow arbitrary code execution on the system of the targeted user. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCve10729, CSCve10771, CSCve10779, CSCve11521, CSCve11543.

Affected configurations

Nvd

Node

ciscowebex_meeting_centerMatcht29

ciscowebex_meeting_centerMatcht30

ciscowebex_meeting_centerMatcht31

ciscowebex_meeting_centerMatcht32

ciscowebex_meetings_serverMatch2.6.0

ciscowebex_meetings_serverMatch2.7.0

VendorProductVersionCPE
ciscowebex_meeting_centert29cpe:2.3:a:cisco:webex_meeting_center:t29:*:*:*:*:*:*:*
ciscowebex_meeting_centert30cpe:2.3:a:cisco:webex_meeting_center:t30:*:*:*:*:*:*:*
ciscowebex_meeting_centert31cpe:2.3:a:cisco:webex_meeting_center:t31:*:*:*:*:*:*:*
ciscowebex_meeting_centert32cpe:2.3:a:cisco:webex_meeting_center:t32:*:*:*:*:*:*:*
ciscowebex_meetings_server2.6.0cpe:2.3:a:cisco:webex_meetings_server:2.6.0:*:*:*:*:*:*:*
ciscowebex_meetings_server2.7.0cpe:2.3:a:cisco:webex_meetings_server:2.7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	webex_meeting_center	t29	cpe:2.3:a:cisco:webex_meeting_center:t29:::::::*
cisco	webex_meeting_center	t30	cpe:2.3:a:cisco:webex_meeting_center:t30:::::::*
cisco	webex_meeting_center	t31	cpe:2.3:a:cisco:webex_meeting_center:t31:::::::*
cisco	webex_meeting_center	t32	cpe:2.3:a:cisco:webex_meeting_center:t32:::::::*
cisco	webex_meetings_server	2.6.0	cpe:2.3:a:cisco:webex_meetings_server:2.6.0:::::::*
cisco	webex_meetings_server	2.7.0	cpe:2.3:a:cisco:webex_meetings_server:2.7.0:::::::*

CNA Affected

[
  {
    "product": "Cisco WebEx Network Recording Player",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco WebEx Network Recording Player"
      }
    ]
  }
]

References

www.securityfocus.com/bid/102186

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

51.1%

JSON

Related for CVE-2017-12359