Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities
Informations
Name cisco-sa-20181003-webex-rce First vendor Publication 2018-10-03
Vendor Cisco Last vendor Modification 2018-10-03
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.

The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce"]

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJbtOqzXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczgp8QAKTnNf9mXE/QSNtnIDNG+42XnYZ0 haitdS6VV07gL67tW5+GAoJiiwQfNTcSOVreBXnxdGCgS05H4hH3F3Ml2uNFnAtY p0/BeEv3e2r9nER9Pw3D5xU4qlFWHSD+fm17l9OemI6MMaerWMOvhOT6T3mQwrPf HxQeUtRg0i1lb6XfRB2svUOfXkB+W2cJYjT7jE5NhAWyPTEqTm/MmMgIehSE4pCJ HAYSJImwSDZ7eju3FSHTeSgl6LmfsO27LmCmI6Mwt8YWPqukp0YChxPFEYjooj0C JmNzwa2Kd+33Yif1rb2q6rFugracZ522OOxZtesRMBe6q2mktepT3sirvIWpzcpg tJdRq6ptpMxiOzNhJlR7fmaKkAy/q2MB6+K6FG2ZlAf4+dkUn2nm+p3tCUyHHUMf 23Zqv3qIwMMm5SfVmvONEHcuDWwU58qppMAoXBYKN1rajw5eVOXW2gu43yEgfOv5 Jm4LQpnCA4S+W83ALos10THEC24UMZawqeGgsJn6DMKl9HpEP2WYGf1Y+8U9/8FG 4c8b/7XELV2ld6C2gyM9GVJ6Xej3Jccaq/BFL1NSgmUxeSWtVjeYzRJGxol46Xyx flbNejnIZiIxWqKx8Eca/9SnSGtw8Ko/VlHhw7R36yW1jNGL1Ni06mrebFpq4shq Zf68eBbHCu41eu+i =BtSy END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
77 % CWE-20 Improper Input Validation
15 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
8 % CWE-191 Integer Underflow (Wrap or Wraparound)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 3
Application 5
Application 24
Application 21

Nessus® Vulnerability Scanner

Date Description
2019-01-08 Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2019-1007.nasl - Type : ACT_GATHER_INFO
2018-12-28 Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1446.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2018-11-21 21:22:55
  • Multiple Updates
2018-11-20 21:21:03
  • Multiple Updates
2018-10-05 21:21:50
  • Multiple Updates
2018-10-03 21:19:38
  • First insertion