All the vulnerabilites related to cisco - webex_network_recording_player
cve-2018-0104
Vulnerability from cvelistv5
Published
2018-01-04 06:00
Modified
2024-12-02 21:47
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102382 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-warfp | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco WebEx Advanced Recording Format Player |
Version: Cisco WebEx Advanced Recording Format Player |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:14:16.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102382",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102382"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-warfp"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-0104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T19:09:16.410105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T21:47:25.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx Advanced Recording Format Player",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco WebEx Advanced Recording Format Player"
}
]
}
],
"datePublic": "2018-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user\u0027s system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-05T10:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "102382",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102382"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-warfp"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Advanced Recording Format Player",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx Advanced Recording Format Player"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user\u0027s system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102382",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102382"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-warfp",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-warfp"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2018-0104",
"datePublished": "2018-01-04T06:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-12-02T21:47:25.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-1502
Vulnerability from cvelistv5
Published
2021-06-04 16:45
Modified
2024-11-07 22:10
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit the vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-dOJ2jOJ | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Webex Meetings |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:11:17.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210602 Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-dOJ2jOJ"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:43:54.958416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:10:29.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Webex Meetings",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit the vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-04T16:45:12",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210602 Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-dOJ2jOJ"
}
],
"source": {
"advisory": "cisco-sa-webex-player-dOJ2jOJ",
"defect": [
[
"CSCvx30404"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-06-02T16:00:00",
"ID": "CVE-2021-1502",
"STATE": "PUBLIC",
"TITLE": "Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Webex Meetings",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit the vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210602 Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-dOJ2jOJ"
}
]
},
"source": {
"advisory": "cisco-sa-webex-player-dOJ2jOJ",
"defect": [
[
"CSCvx30404"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1502",
"datePublished": "2021-06-04T16:45:12.255373Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-07T22:10:29.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3322
Vulnerability from cvelistv5
Published
2020-06-03 17:00
Modified
2024-11-15 17:20
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98269 | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Cisco | Cisco Webex Network Recording Player |
Version: unspecified < 3.0 MR3 Security Patch 2 Version: unspecified < 4.0 MR3 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:58.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98269"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:28:19.444499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:20:07.893Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Webex Network Recording Player",
"vendor": "Cisco",
"versions": [
{
"lessThan": "3.0 MR3 Security Patch 2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.0 MR3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Cisco Webex Player for Microsoft Windows",
"vendor": "Cisco",
"versions": [
{
"lessThan": "3.0 MR3 Security Patch 2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.0 MR3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Cisco would like to thank Kexu Wang of Fortinet\u0027s FortiGuard Labs for reporting this vulnerability"
}
],
"datePublic": "2020-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-03T17:00:18",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98269"
}
],
"source": {
"advisory": "CSCvs98269",
"defect": [
"CSCvs98259",
"CSCvs98260",
"CSCvs98261"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-06-03T16:00:00.000Z",
"ID": "CVE-2020-3322",
"STATE": "PUBLIC",
"TITLE": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Webex Network Recording Player",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.0 MR3 Security Patch 2"
},
{
"version_affected": "\u003c",
"version_value": "4.0 MR3"
}
]
}
},
{
"product_name": "Cisco Webex Player for Microsoft Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.0 MR3 Security Patch 2"
},
{
"version_affected": "\u003c",
"version_value": "4.0 MR3"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Cisco would like to thank Kexu Wang of Fortinet\u0027s FortiGuard Labs for reporting this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98269"
}
]
},
"source": {
"advisory": "CSCvs98269",
"defect": [
"CSCvs98259",
"CSCvs98260",
"CSCvs98261"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3322",
"datePublished": "2020-06-03T17:00:18.648979Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:20:07.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-1536
Vulnerability from cvelistv5
Published
2021-06-04 16:45
Modified
2024-11-07 22:09
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-dll-inject-XNmcSGTU | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Webex Teams |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:11:17.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210602 Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-dll-inject-XNmcSGTU"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:41:47.180574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:09:47.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Webex Teams",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-04T16:45:45",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210602 Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-dll-inject-XNmcSGTU"
}
],
"source": {
"advisory": "cisco-sa-webex-dll-inject-XNmcSGTU",
"defect": [
[
"CSCvw48667",
"CSCvw79311",
"CSCvw79321"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-06-02T16:00:00",
"ID": "CVE-2021-1536",
"STATE": "PUBLIC",
"TITLE": "Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Webex Teams",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210602 Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-dll-inject-XNmcSGTU"
}
]
},
"source": {
"advisory": "cisco-sa-webex-dll-inject-XNmcSGTU",
"defect": [
[
"CSCvw48667",
"CSCvw79311",
"CSCvw79321"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1536",
"datePublished": "2021-06-04T16:45:45.378447Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-07T22:09:47.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0103
Vulnerability from cvelistv5
Published
2018-01-04 06:00
Modified
2024-12-02 21:47
Severity ?
EPSS score ?
Summary
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-wnrp | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102369 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco WebEx Network Recording Player |
Version: Cisco WebEx Network Recording Player |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:14:16.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-wnrp"
},
{
"name": "102369",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102369"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-0103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T19:09:17.825236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T21:47:40.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx Network Recording Player",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco WebEx Network Recording Player"
}
]
}
],
"datePublic": "2018-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user\u0027s system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T10:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-wnrp"
},
{
"name": "102369",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102369"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Network Recording Player",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx Network Recording Player"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user\u0027s system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-wnrp",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-wnrp"
},
{
"name": "102369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102369"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2018-0103",
"datePublished": "2018-01-04T06:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-12-02T21:47:40.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3319
Vulnerability from cvelistv5
Published
2020-06-03 16:55
Modified
2024-11-15 17:20
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254 | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Cisco | Cisco Webex Network Recording Player |
Version: unspecified < 3.0 MR3 Security Patch 2 Version: unspecified < 4.0 MR3 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:57.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:28:22.385143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:20:29.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Webex Network Recording Player",
"vendor": "Cisco",
"versions": [
{
"lessThan": "3.0 MR3 Security Patch 2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.0 MR3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Cisco Webex Player for Microsoft Windows",
"vendor": "Cisco",
"versions": [
{
"lessThan": "3.0 MR3 Security Patch 2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.0 MR3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Cisco would like to thank Kexu Wang of Fortinet\u0027s FortiGuard Labs for reporting this vulnerability"
}
],
"datePublic": "2020-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-03T16:55:13",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254"
}
],
"source": {
"advisory": "CSCvs98254",
"defect": [
"CSCvs98254",
"CSCvs98255",
"CSCvs98256"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-06-03T16:00:00.000Z",
"ID": "CVE-2020-3319",
"STATE": "PUBLIC",
"TITLE": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Webex Network Recording Player",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.0 MR3 Security Patch 2"
},
{
"version_affected": "\u003c",
"version_value": "4.0 MR3"
}
]
}
},
{
"product_name": "Cisco Webex Player for Microsoft Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.0 MR3 Security Patch 2"
},
{
"version_affected": "\u003c",
"version_value": "4.0 MR3"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Cisco would like to thank Kexu Wang of Fortinet\u0027s FortiGuard Labs for reporting this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254"
}
]
},
"source": {
"advisory": "CSCvs98254",
"defect": [
"CSCvs98254",
"CSCvs98255",
"CSCvs98256"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3319",
"datePublished": "2020-06-03T16:55:13.483571Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:20:29.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3128
Vulnerability from cvelistv5
Published
2020-03-04 18:40
Modified
2024-11-15 17:35
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco WebEx WRF Player |
Version: unspecified < n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200304 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:24:54.417384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:35:27.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx WRF Player",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-04T18:40:22",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200304 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player"
}
],
"source": {
"advisory": "cisco-sa-20200304-webex-player",
"defect": [
[
"CSCvr82763",
"CSCvr84091",
"CSCvr84096",
"CSCvr89202",
"CSCvr89467",
"CSCvr89471"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-03-04T16:00:00-0800",
"ID": "CVE-2020-3128",
"STATE": "PUBLIC",
"TITLE": "Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx WRF Player",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200304 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player"
}
]
},
"source": {
"advisory": "cisco-sa-20200304-webex-player",
"defect": [
[
"CSCvr82763",
"CSCvr84091",
"CSCvr84096",
"CSCvr89202",
"CSCvr89467",
"CSCvr89471"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3128",
"datePublished": "2020-03-04T18:40:22.824840Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:35:27.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3127
Vulnerability from cvelistv5
Published
2020-03-04 18:40
Modified
2024-11-15 17:35
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player | vendor-advisory, x_refsource_CISCO | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-269/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco WebEx WRF Player |
Version: unspecified < n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200304 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-269/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3127",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:24:55.676803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:35:37.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx WRF Player",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-05T22:06:06",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200304 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-269/"
}
],
"source": {
"advisory": "cisco-sa-20200304-webex-player",
"defect": [
[
"CSCvr82763",
"CSCvr84091",
"CSCvr84096",
"CSCvr89202",
"CSCvr89467",
"CSCvr89471"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-03-04T16:00:00-0800",
"ID": "CVE-2020-3127",
"STATE": "PUBLIC",
"TITLE": "Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx WRF Player",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200304 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-269/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-269/"
}
]
},
"source": {
"advisory": "cisco-sa-20200304-webex-player",
"defect": [
[
"CSCvr82763",
"CSCvr84091",
"CSCvr84096",
"CSCvr89202",
"CSCvr89467",
"CSCvr89471"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3127",
"datePublished": "2020-03-04T18:40:17.795871Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:35:37.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3321
Vulnerability from cvelistv5
Published
2020-06-03 16:55
Modified
2024-11-15 17:20
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98259 | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Cisco | Cisco Webex Network Recording Player |
Version: unspecified < 3.0 MR3 Security Patch 2 Version: unspecified < 4.0 MR3 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:57.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98259"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:28:21.069942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:20:18.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Webex Network Recording Player",
"vendor": "Cisco",
"versions": [
{
"lessThan": "3.0 MR3 Security Patch 2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.0 MR3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Cisco Webex Player for Microsoft Windows",
"vendor": "Cisco",
"versions": [
{
"lessThan": "3.0 MR3 Security Patch 2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.0 MR3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Cisco would like to thank Kexu Wang of Fortinet\u0027s FortiGuard Labs for reporting this vulnerability"
}
],
"datePublic": "2020-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-03T16:55:18",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98259"
}
],
"source": {
"advisory": "CSCvs98259",
"defect": [
"CSCvs98259",
"CSCvs98260",
"CSCvs98261"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-06-03T16:00:00.000Z",
"ID": "CVE-2020-3321",
"STATE": "PUBLIC",
"TITLE": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Webex Network Recording Player",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.0 MR3 Security Patch 2"
},
{
"version_affected": "\u003c",
"version_value": "4.0 MR3"
}
]
}
},
{
"product_name": "Cisco Webex Player for Microsoft Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.0 MR3 Security Patch 2"
},
{
"version_affected": "\u003c",
"version_value": "4.0 MR3"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Cisco would like to thank Kexu Wang of Fortinet\u0027s FortiGuard Labs for reporting this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98259"
}
]
},
"source": {
"advisory": "CSCvs98259",
"defect": [
"CSCvs98259",
"CSCvs98260",
"CSCvs98261"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3321",
"datePublished": "2020-06-03T16:55:18.361937Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:20:18.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3194
Vulnerability from cvelistv5
Published
2020-04-15 20:10
Modified
2024-11-15 17:31
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Webex Meetings |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200415 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:24:46.778376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:31:24.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Webex Meetings",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T20:10:25",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200415 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby"
}
],
"source": {
"advisory": "cisco-sa-webex-player-Q7Rtgvby",
"defect": [
[
"CSCvs56936",
"CSCvs56937",
"CSCvs56938"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-04-15T16:00:00-0700",
"ID": "CVE-2020-3194",
"STATE": "PUBLIC",
"TITLE": "Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Webex Meetings",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200415 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby"
}
]
},
"source": {
"advisory": "cisco-sa-webex-player-Q7Rtgvby",
"defect": [
[
"CSCvs56936",
"CSCvs56937",
"CSCvs56938"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3194",
"datePublished": "2020-04-15T20:10:25.320413Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:31:24.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:30
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_network_recording_player | - | |
| cisco | webex_player | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE7D641-CF31-48F6-AD29-4116EA7E7692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_player:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "02C17690-7694-4246-BBD6-A89447C4747E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco Webex Network Recording Player y Cisco Webex Player para Microsoft Windows, podr\u00eda permitir a un atacante causar un bloqueo del proceso resultando en una condici\u00f3n de Denegaci\u00f3n de servicio (DoS) para la aplicaci\u00f3n del reproductor sobre un sistema afectado. La vulnerabilidad se presenta debido a una comprobaci\u00f3n insuficiente de determinados elementos con una grabaci\u00f3n de Webex almacenada en Advanced Recording Format (ARF) o en Webex Recording Format (WRF). Un atacante podr\u00eda explotar esta vulnerabilidad al enviar a un usuario un archivo ARF o WRF malicioso por medio de un enlace o archivo adjunto de correo electr\u00f3nico y persuadiendo a un usuario de abrir el archivo con el software afectado en el sistema local. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante causar que la aplicaci\u00f3n del reproductor Webex se bloquee cuando tratan de visualizar el archivo malicioso."
}
],
"id": "CVE-2020-3322",
"lastModified": "2024-11-21T05:30:48.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-03T17:15:25.997",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98269"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-04 17:15
Modified
2024-11-21 05:44
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit the vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meetings_desktop | - | |
| cisco | webex_meetings_online | - | |
| cisco | webex_meetings_server | 4.0 | |
| cisco | webex_network_recording_player | - | |
| cisco | webex_teams | 3.0.15485.0 | |
| cisco | webex_network_recording_player | * | |
| cisco | webex_network_recording_player | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_desktop:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B13F932E-8877-44C0-8EDC-C75F14C2809B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_online:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B47441-8048-4544-86A8-611DA68398A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F12AF70E-2201-4F5D-A929-A1A057B74252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "A34EE1A3-F564-4B28-A252-1E0AD53B2B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_teams:3.0.15485.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "F367BA7A-1DA0-4E31-BFB5-CC988E7DF3CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B7968B3F-2DF6-45E2-B2C6-5600A972B125",
"versionEndExcluding": "41.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "19E8714E-7F29-416F-B9D0-9CCE8935BE40",
"versionEndExcluding": "41.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit the vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco Webex Network Recording Player para Windows y MacOS y Cisco Webex Player para Windows y MacOS podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario en un sistema afectado. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de valores dentro de los archivos de grabaci\u00f3n de Webex formateados tanto en Advanced Recording Format (ARF) como en Webex Recording Format (WRF). Un atacante podr\u00eda explotar la vulnerabilidad mediante el env\u00edo a un usuario un archivo ARF o WRF malicioso mediante un enlace o un archivo adjunto de correo electr\u00f3nico y persuadiendo al usuario para que abra el archivo. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario en el sistema afectado con los privilegios del usuario objetivo"
}
],
"id": "CVE-2021-1502",
"lastModified": "2024-11-21T05:44:29.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-04T17:15:08.097",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-dOJ2jOJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-dOJ2jOJ"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "ykramarz@cisco.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-04 06:29
Modified
2024-11-21 03:37
Severity ?
Summary
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/102369 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-wnrp | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102369 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-wnrp | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_business_suite | - | |
| cisco | webex_meetings | - | |
| cisco | webex_meetings_server | - | |
| cisco | webex_network_recording_player | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_business_suite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC6601B-8E24-41E9-9716-6EDA9049839E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81774C03-0884-44C6-80EF-DC882BF44C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE5F3F6-C7AE-4384-B58D-F0506719E35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE7D641-CF31-48F6-AD29-4116EA7E7692",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user\u0027s system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en Cisco WebEx Network Recording Player para archivos Advanced Recording Format (.arf) podr\u00eda permitir que un atacante local ejecute c\u00f3digo arbitrario en el sistema de un usuario. El atacante podr\u00eda explotar esta vulnerabilidad enviando al usuario un enlace o archivo adjunto en un email con un archivo ARF malicioso y persuadiendo al usuario para que acceda al enlace o ejecute el archivo. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante ejecute c\u00f3digo arbitrario en el sistema del usuario. Esta vulnerabilidad afecta a sitios de reuni\u00f3n Cisco WebEx Business Suite, Cisco WebEx Meetings, Cisco WebEx Meetings Server y a los reproductores Cisco WebEx ARF. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839."
}
],
"id": "CVE-2018-0103",
"lastModified": "2024-11-21T03:37:31.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-04T06:29:00.340",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102369"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-wnrp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-wnrp"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:30
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_network_recording_player | * | |
| cisco | webex_network_recording_player | 4.0 | |
| cisco | webex_player | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "25A839E1-6437-49B2-9906-D61298FC366B",
"versionEndIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "E922D69B-C5A1-40FD-AF7C-7BC7DF30E5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_player:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B464C74B-64E8-4DEB-A642-3AAC577DF8CD",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco Webex Network Recording Player y Cisco Webex Player para Microsoft Windows, podr\u00eda permitir a un atacante causar un bloqueo del proceso resultando en una condici\u00f3n de Denegaci\u00f3n de servicio (DoS) para la aplicaci\u00f3n del reproductor sobre un sistema afectado. La vulnerabilidad se presenta debido a una comprobaci\u00f3n insuficiente de determinados elementos con una grabaci\u00f3n de Webex almacenada en el Advanced Recording Format (ARF) o en el Webex Recording Format (WRF). Un atacante podr\u00eda explotar esta vulnerabilidad al enviar a un usuario un archivo ARF o WRF malicioso por medio de un enlace o archivo adjunto de correo electr\u00f3nico y persuadiendo al usuario de abrir el archivo con el software afectado en el sistema local. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante causar que la aplicaci\u00f3n del reproductor Webex se bloquee cuando tratan de visualizar el archivo malicioso. Esta vulnerabilidad afecta a las versiones de Cisco Webex Network Recording Player y Webex Player anteriores a la versi\u00f3n 3.0 MR3 Security Patch 2 y 4.0 MR3."
}
],
"id": "CVE-2020-3319",
"lastModified": "2024-11-21T05:30:48.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-03T17:15:25.733",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-04 06:29
Modified
2024-11-21 03:37
Severity ?
Summary
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/102382 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-warfp | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102382 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-warfp | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_business_suite | - | |
| cisco | webex_meetings | - | |
| cisco | webex_meetings_server | - | |
| cisco | webex_network_recording_player | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_business_suite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC6601B-8E24-41E9-9716-6EDA9049839E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81774C03-0884-44C6-80EF-DC882BF44C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE5F3F6-C7AE-4384-B58D-F0506719E35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE7D641-CF31-48F6-AD29-4116EA7E7692",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user\u0027s system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco WebEx Network Recording Player para archivos Advanced Recording Format (.arf) podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo arbitrario en el sistema de un usuario. El atacante podr\u00eda explotar esta vulnerabilidad enviando al usuario un enlace o archivo adjunto en un email con un archivo ARF malicioso y persuadiendo al usuario para que acceda al enlace o ejecute el archivo. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante ejecute c\u00f3digo arbitrario en el sistema del usuario. Esta vulnerabilidad afecta a sitios de reuni\u00f3n Cisco WebEx Business Suite, Cisco WebEx Meetings, Cisco WebEx Meetings Server y a los reproductores Cisco WebEx ARF. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857."
}
],
"id": "CVE-2018-0104",
"lastModified": "2024-11-21T03:37:31.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-04T06:29:00.387",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102382"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-warfp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-warfp"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:30
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_player | * | |
| cisco | webex_player | 3.0 | |
| cisco | webex_player | 3.0 | |
| cisco | webex_player | 3.0 | |
| cisco | webex_player | 4.0 | |
| cisco | webex_player | 4.0 | |
| cisco | webex_player | 4.0 | |
| cisco | webex_network_recording_player | * | |
| cisco | webex_network_recording_player | 3.0 | |
| cisco | webex_network_recording_player | 3.0 | |
| cisco | webex_network_recording_player | 3.0 | |
| cisco | webex_network_recording_player | 4.0 | |
| cisco | webex_network_recording_player | 4.0 | |
| cisco | webex_network_recording_player | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_player:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "29AD80BF-4BD6-4B63-9DBE-5AAD219CC464",
"versionEndExcluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_player:3.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "22E8B4CB-4380-4252-94FF-2FA9475E443C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_player:3.0:maintenance_release1:*:*:*:windows:*:*",
"matchCriteriaId": "C391D26A-B24C-4771-902A-6A8255ED9B49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_player:3.0:maintenance_release2:*:*:*:windows:*:*",
"matchCriteriaId": "0AFAA7F9-A6CE-4670-90D9-49DD60B01C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_player:4.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "173FD058-9353-4346-AEFE-2043FE05A05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_player:4.0:maintenance_release1:*:*:*:windows:*:*",
"matchCriteriaId": "2F3E289B-1887-42BB-A3EE-5FE5BC9117AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_player:4.0:maintenance_release2:*:*:*:windows:*:*",
"matchCriteriaId": "BD5D3C2F-8344-4281-9FC4-BAE8BD687A9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CD2D467-A1BA-41BC-9ABB-52A67961712C",
"versionEndExcluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F802539A-BF0D-4178-AA6F-39186ADA2940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:3.0:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "88A0132D-146E-40D5-AD93-9392878A9703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:3.0:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "5D63BB12-E138-4686-B115-C8935418269C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9C216B45-3F47-4271-8C86-167CCFE6A67A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:4.0:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "56CB908D-A71E-4CE4-8692-9439585CC7D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:4.0:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "207BE80A-EFB5-4318-B03D-6CC37633CCED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco Webex Network Recording Player y Cisco Webex Player para Microsoft Windows, podr\u00eda permitir a un atacante causar un bloqueo del proceso resultando en una condici\u00f3n de Denegaci\u00f3n de servicio (DoS) para la aplicaci\u00f3n del reproductor en un sistema afectado. La vulnerabilidad se presenta debido a una comprobaci\u00f3n insuficiente de determinados elementos con una grabaci\u00f3n de Webex almacenada en el Advanced Recording Format (ARF) o en el Webex Recording Format (WRF). Un atacante podr\u00eda explotar esta vulnerabilidad al enviar a un usuario un archivo ARF o WRF malicioso por medio de un enlace o archivo adjunto de correo electr\u00f3nico y persuadiendo a un usuario de abrir el archivo con el software afectado en el sistema local. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante causar que la aplicaci\u00f3n del reproductor Webex se bloquee cuando tratan de visualizar el archivo malicioso."
}
],
"id": "CVE-2020-3321",
"lastModified": "2024-11-21T05:30:48.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-03T17:15:25.890",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98259"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-04 19:15
Modified
2024-11-21 05:30
Severity ?
Summary
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meetings | * | |
| cisco | webex_meetings_online | * | |
| cisco | webex_meetings_server | * | |
| cisco | webex_meetings_server | 3.0 | |
| cisco | webex_meetings_server | 3.0 | |
| cisco | webex_meetings_server | 3.0 | |
| cisco | webex_meetings_server | 3.0 | |
| cisco | webex_meetings_server | 4.0 | |
| cisco | webex_meetings_server | 4.0 | |
| cisco | webex_meetings_server | 4.0 | |
| cisco | webex_network_recording_player | * | |
| cisco | webex_network_recording_player | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA858E7-E79F-49A5-9E47-81AE64DC4FE6",
"versionEndExcluding": "39.5.17",
"versionStartIncluding": "39.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_online:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83C1620E-2F02-427C-A196-57665A7A9496",
"versionEndExcluding": "1.3.43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE22BE9B-374E-43DC-BA91-E3B9699A4C7C",
"versionEndExcluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "61D1081F-87E8-4E8B-BEBD-0F239E745586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "8D138973-02B0-4FEC-A646-FF1278DA1EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "30B55A5B-8C5E-4ECB-9C85-A8A3A3030850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "14DBEC10-0641-441C-BE15-8F72C1762DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4D6CF856-093A-4E89-A71D-50A2887C265B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "B36A9043-0621-43CD-BFCD-66529F937859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "8842B42E-C412-4356-9F54-DFC53B683D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9D8A4925-CE8E-4315-AC49-EFFAACBCC8A1",
"versionEndExcluding": "39.5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EBDF0742-228E-490D-9F7C-FD427A31DB08",
"versionEndExcluding": "39.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en Cisco Webex Network Recording Player para Microsoft Windows y Cisco Webex Player para Microsoft Windows, podr\u00edan permitir a un atacante ejecutar c\u00f3digo arbitrario sobre un sistema afectado. Las vulnerabilidades son debido a una comprobaci\u00f3n insuficiente de determinados elementos dentro de una grabaci\u00f3n de Webex que se almacena en el Advanced Recording Format (ARF) o el Webex Recording Format (WRF). Un atacante podr\u00eda explotar estas vulnerabilidades mediante el env\u00edo de un archivo ARF o WRF malicioso hacia un usuario por medio de un enlace o archivo adjunto de correo electr\u00f3nico y persuadiendo al usuario para que abra el archivo en el sistema local. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario en el sistema afectado con los privilegios del usuario apuntado."
}
],
"id": "CVE-2020-3127",
"lastModified": "2024-11-21T05:30:22.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-04T19:15:12.353",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player"
},
{
"source": "ykramarz@cisco.com",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-269/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-269/"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-04 19:15
Modified
2024-11-21 05:30
Severity ?
Summary
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meetings | * | |
| cisco | webex_meetings_online | * | |
| cisco | webex_meetings_server | * | |
| cisco | webex_meetings_server | 3.0 | |
| cisco | webex_meetings_server | 3.0 | |
| cisco | webex_meetings_server | 3.0 | |
| cisco | webex_meetings_server | 3.0 | |
| cisco | webex_meetings_server | 4.0 | |
| cisco | webex_meetings_server | 4.0 | |
| cisco | webex_meetings_server | 4.0 | |
| cisco | webex_network_recording_player | * | |
| cisco | webex_network_recording_player | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA858E7-E79F-49A5-9E47-81AE64DC4FE6",
"versionEndExcluding": "39.5.17",
"versionStartIncluding": "39.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_online:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81A58822-A0E3-4A7F-BE93-FEB0EEDBDB24",
"versionEndExcluding": "1.3.49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE22BE9B-374E-43DC-BA91-E3B9699A4C7C",
"versionEndExcluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "61D1081F-87E8-4E8B-BEBD-0F239E745586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "8D138973-02B0-4FEC-A646-FF1278DA1EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "30B55A5B-8C5E-4ECB-9C85-A8A3A3030850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "14DBEC10-0641-441C-BE15-8F72C1762DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4D6CF856-093A-4E89-A71D-50A2887C265B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "B36A9043-0621-43CD-BFCD-66529F937859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "8842B42E-C412-4356-9F54-DFC53B683D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9D8A4925-CE8E-4315-AC49-EFFAACBCC8A1",
"versionEndExcluding": "39.5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EBDF0742-228E-490D-9F7C-FD427A31DB08",
"versionEndExcluding": "39.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en Cisco Webex Network Recording Player para Microsoft Windows y Cisco Webex Player para Microsoft Windows, podr\u00edan permitir a un atacante ejecutar c\u00f3digo arbitrario sobre un sistema afectado. Las vulnerabilidades son debido a una comprobaci\u00f3n insuficiente de determinados elementos dentro de una grabaci\u00f3n de Webex que es almacenada en el Advanced Recording Format (ARF) o el Webex Recording Format (WRF). Un atacante podr\u00eda explotar estas vulnerabilidades mediante el env\u00edo de un archivo ARF o WRF malicioso hacia un usuario por medio de un enlace o archivo adjunto de correo electr\u00f3nico y persuadiendo al usuario para que abra el archivo en el sistema local. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario en el sistema afectado con los privilegios del usuario apuntado."
}
],
"id": "CVE-2020-3128",
"lastModified": "2024-11-21T05:30:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-04T19:15:12.477",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 21:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_network_recording_player | * | |
| cisco | webex_meetings | * | |
| cisco | webex_meetings_online | * | |
| cisco | webex_meetings_server | * | |
| cisco | webex_meetings_server | 4.0 | |
| cisco | webex_meetings_server | 4.0 | |
| cisco | webex_meetings_server | 4.0 | |
| cisco | webex_network_recording_player | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "52105799-584A-43A8-92FE-77DD4F6BEBB7",
"versionEndExcluding": "40.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41821C30-7FB1-4000-BDCB-9905774FC59F",
"versionEndExcluding": "39.5.18",
"versionStartIncluding": "39.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_online:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD0A4DAC-526E-4679-AA40-BFEC94E023A4",
"versionEndExcluding": "1.3.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCF06551-3FF4-4BCD-9EE4-75EFCE7BBCBA",
"versionEndExcluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4D6CF856-093A-4E89-A71D-50A2887C265B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "B36A9043-0621-43CD-BFCD-66529F937859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "8842B42E-C412-4356-9F54-DFC53B683D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A51CFA68-5B69-4676-B47C-C1B7AEAB5022",
"versionEndExcluding": "39.5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco Webex Network Recording Player para Microsoft Windows y Cisco Webex Player para Microsoft Windows podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario sobre un sistema afectado. La vulnerabilidad se presenta debido a una comprobaci\u00f3n insuficiente de determinados elementos con una grabaci\u00f3n almacenada de Webex tanto en el Advanced Recording Format (ARF) como en el Webex Recording Format (WRF). Un atacante podr\u00eda explotar esta vulnerabilidad al enviar a un usuario un archivo ARF o WRF malicioso por medio de un enlace o archivo adjunto de correo electr\u00f3nico y persuadiendo al usuario para que abra el archivo con el software afectado en el sistema local. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario en el sistema afectado con los privilegios del usuario apuntado."
}
],
"id": "CVE-2020-3194",
"lastModified": "2024-11-21T05:30:31.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T21:15:35.340",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-04 17:15
Modified
2024-11-21 05:44
Severity ?
4.8 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meetings_desktop | - | |
| cisco | webex_meetings_online | - | |
| cisco | webex_meetings_server | 4.0 | |
| cisco | webex_network_recording_player | - | |
| cisco | webex_teams | 3.0.15485.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_desktop:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B13F932E-8877-44C0-8EDC-C75F14C2809B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_online:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B47441-8048-4544-86A8-611DA68398A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F12AF70E-2201-4F5D-A929-A1A057B74252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "A34EE1A3-F564-4B28-A252-1E0AD53B2B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_teams:3.0.15485.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "F367BA7A-1DA0-4E31-BFB5-CC988E7DF3CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco Webex Meetings Desktop App para Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player para Windows y Cisco Webex Teams para Windows, podr\u00eda permitir a un atacante local autenticado llevar a cabo un ataque de inyecci\u00f3n de DLL en un dispositivo afectado. Para explotar esta vulnerabilidad, el atacante debe tener credenciales v\u00e1lidas en el sistema Windows. Esta vulnerabilidad es debido a un manejo incorrecto de las rutas de directorio en tiempo de ejecuci\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad al insertar un archivo de configuraci\u00f3n en una ruta espec\u00edfica del sistema, lo que puede causar que se cargue un archivo DLL malicioso cuando se inicie la aplicaci\u00f3n. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario en el sistema afectado con los privilegios de otra cuenta de usuario"
}
],
"id": "CVE-2021-1536",
"lastModified": "2024-11-21T05:44:34.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-04T17:15:09.150",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-dll-inject-XNmcSGTU"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-dll-inject-XNmcSGTU"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "ykramarz@cisco.com",
"type": "Primary"
}
]
}