Lucene search

CiscoCVE-2018-0264

HistoryMay 02, 2018 - 10:29 p.m.

CVE-2018-0264

2018-05-0222:29:00

CWE-20

cisco

web.nvd.nist.gov

334

cve-2018-0264

cisco webex

network recording player

arf

remote code execution

vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.007

Percentile

80.1%

JSON

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user’s system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. The following client builds of Cisco WebEx Business Suite (WBS31 and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4, Cisco WebEx Business Suite (WBS32) client builds prior to T32.12, Cisco WebEx Meetings with client builds prior to T32.12, Cisco WebEx Meeting Server builds prior to 3.0 Patch 1. Cisco Bug IDs: CSCvh85410, CSCvh85430, CSCvh85440, CSCvh85442, CSCvh85453, CSCvh85457.

Affected configurations

Nvd

Node

ciscowebex_business_suite_31Range<t32.12

ciscowebex_business_suite_32Range<t31.23.4

Node

ciscowebex_meeting_serverRange<3.0

ciscowebex_meetingsRange<t32.12

VendorProductVersionCPE
ciscowebex_business_suite_31*cpe:2.3:a:cisco:webex_business_suite_31:*:*:*:*:*:*:*:*
ciscowebex_business_suite_32*cpe:2.3:a:cisco:webex_business_suite_32:*:*:*:*:*:*:*:*
ciscowebex_meeting_server*cpe:2.3:a:cisco:webex_meeting_server:*:*:*:*:*:*:*:*
ciscowebex_meetings*cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	webex_business_suite_31	*	cpe:2.3:a:cisco:webex_business_suite_31::::::::
cisco	webex_business_suite_32	*	cpe:2.3:a:cisco:webex_business_suite_32::::::::
cisco	webex_meeting_server	*	cpe:2.3:a:cisco:webex_meeting_server::::::::
cisco	webex_meetings	*	cpe:2.3:a:cisco:webex_meetings::::::::

CNA Affected

[
  {
    "product": "Cisco WebEx Advanced Recording Format file players",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco WebEx Advanced Recording Format file players"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104073

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-war

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.007

Percentile

80.1%

JSON

Related for CVE-2018-0264