cvelistv5 - CVE-2016-1464

CVE-2016-1464 (GCVE-0-2016-1464)

Vulnerability from cvelistv5 – Published: 2016-09-03 20:00 – Updated: 2024-08-05 22:55

Summary

Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	http://www.securitytracker.com/id/1036712	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/92708	vdb-entryx_refsource_BID
	https://www.exploit-db.com/exploits/40508/	exploitx_refsource_EXPLOIT-DB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160831 Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player"
          },
          {
            "name": "1036712",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036712"
          },
          {
            "name": "92708",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92708"
          },
          {
            "name": "40508",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40508/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-02T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20160831 Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player"
        },
        {
          "name": "1036712",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036712"
        },
        {
          "name": "92708",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92708"
        },
        {
          "name": "40508",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40508/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1464",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160831 Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player"
            },
            {
              "name": "1036712",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036712"
            },
            {
              "name": "92708",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92708"
            },
            {
              "name": "40508",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40508/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1464",
    "datePublished": "2016-09-03T20:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_wrf_player_t29:sp10_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF090D54-97ED-4E83-A868-F21517550266\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.\"}, {\"lang\": \"es\", \"value\": \"Cisco WebEx Meetings Player T29.10, cuando el soporte de archivo WRF est\\u00e1 habilitado, permite a atacantes remotos ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de un archivo manipulado, tambi\\u00e9n conocido como Bug ID CSCva09375.\"}]",
      "id": "CVE-2016-1464",
      "lastModified": "2024-11-21T02:46:29.570",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-09-03T20:59:05.140",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/92708\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1036712\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://www.exploit-db.com/exploits/40508/\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/92708\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1036712\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/40508/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-1464\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2016-09-03T20:59:05.140\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.\"},{\"lang\":\"es\",\"value\":\"Cisco WebEx Meetings Player T29.10, cuando el soporte de archivo WRF est\u00e1 habilitado, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado, tambi\u00e9n conocido como Bug ID CSCva09375.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_wrf_player_t29:sp10_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF090D54-97ED-4E83-A868-F21517550266\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/92708\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1036712\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://www.exploit-db.com/exploits/40508/\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/92708\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036712\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/40508/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2016-1464

Vulnerability from fkie_nvd - Published: 2016-09-03 20:59 - Updated: 2025-04-12 10:46

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/92708
psirt@cisco.com	http://www.securitytracker.com/id/1036712
psirt@cisco.com	https://www.exploit-db.com/exploits/40508/
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/92708
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036712
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/40508/

Impacted products

	Vendor	Product	Version
	cisco	webex_wrf_player_t29	sp10_base

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:webex_wrf_player_t29:sp10_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF090D54-97ED-4E83-A868-F21517550266",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375."
    },
    {
      "lang": "es",
      "value": "Cisco WebEx Meetings Player T29.10, cuando el soporte de archivo WRF est\u00e1 habilitado, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado, tambi\u00e9n conocido como Bug ID CSCva09375."
    }
  ],
  "id": "CVE-2016-1464",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-09-03T20:59:05.140",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/92708"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1036712"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://www.exploit-db.com/exploits/40508/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/40508/"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2R6V-2267-CW2R

Vulnerability from github – Published: 2022-05-17 01:18 – Updated: 2025-04-12 13:03

Details

Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1464"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-09-03T20:59:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.",
  "id": "GHSA-2r6v-2267-cw2r",
  "modified": "2025-04-12T13:03:46Z",
  "published": "2022-05-17T01:18:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1464"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/40508"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92708"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036712"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-1464

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.

Aliases

CVE-2016-1464

Aliases

CVE-2016-1464

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1464",
    "description": "Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.",
    "id": "GSD-2016-1464",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2016-1464"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1464"
      ],
      "details": "Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.",
      "id": "GSD-2016-1464",
      "modified": "2023-12-13T01:21:24.963391Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-1464",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20160831 Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player"
          },
          {
            "name": "1036712",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036712"
          },
          {
            "name": "92708",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/92708"
          },
          {
            "name": "40508",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/40508/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_wrf_player_t29:sp10_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1464"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160831 Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player"
            },
            {
              "name": "92708",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/92708"
            },
            {
              "name": "1036712",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1036712"
            },
            {
              "name": "40508",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/40508/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-09-03T01:29Z",
      "publishedDate": "2016-09-03T20:59Z"
    }
  }
}

CERTFR-2016-AVI-358

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Cisco WebEx Meetings Player. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco WebEx Meetings versions T29.x antérieures à T29.13.112
Cisco	N/A	Cisco WebEx Meetings versions T30.x antérieures à T30.12.1
Cisco	N/A	Cisco WebEx Meetings versions T31.x antérieures à T31.5.20
Cisco	N/A	Cisco WebEx Meetings versions antérieures à T31R2

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20160831-meetings-player du 22 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160831-meetings-player du 22 octobre 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco WebEx Meetings versions T29.x ant\u00e9rieures \u00e0 T29.13.112",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WebEx Meetings versions T30.x ant\u00e9rieures \u00e0 T30.12.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WebEx Meetings versions T31.x ant\u00e9rieures \u00e0 T31.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WebEx Meetings versions ant\u00e9rieures \u00e0 T31R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1464"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco    cisco-sa-20160831-meetings-player du 22 octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player"
    }
  ],
  "reference": "CERTFR-2016-AVI-358",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eCisco WebEx\nMeetings Player\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco WebEx Meetings Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-meetings-player du 22 octobre 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-358

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Cisco WebEx Meetings Player. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco WebEx Meetings versions T29.x antérieures à T29.13.112
Cisco	N/A	Cisco WebEx Meetings versions T30.x antérieures à T30.12.1
Cisco	N/A	Cisco WebEx Meetings versions T31.x antérieures à T31.5.20
Cisco	N/A	Cisco WebEx Meetings versions antérieures à T31R2

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20160831-meetings-player du 22 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160831-meetings-player du 22 octobre 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco WebEx Meetings versions T29.x ant\u00e9rieures \u00e0 T29.13.112",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WebEx Meetings versions T30.x ant\u00e9rieures \u00e0 T30.12.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WebEx Meetings versions T31.x ant\u00e9rieures \u00e0 T31.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WebEx Meetings versions ant\u00e9rieures \u00e0 T31R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1464"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco    cisco-sa-20160831-meetings-player du 22 octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player"
    }
  ],
  "reference": "CERTFR-2016-AVI-358",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eCisco WebEx\nMeetings Player\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco WebEx Meetings Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-meetings-player du 22 octobre 2016",
      "url": null
    }
  ]
}

VAR-201609-0383

Vulnerability from variot - Updated: 2023-12-18 13:48

Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375. An attacker can exploit this issue to execute arbitrary code on the affected system with privileges of the user. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCva09375. Cisco WebEx Meetings Player T29.10 is vulnerable; other versions may also be affected. The vulnerability stems from the fact that the program does not properly handle user-supplied files

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0383",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webex wrf player t29",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "sp10_base"
      },
      {
        "model": "webex meetings",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "player t29.10"
      },
      {
        "model": "webex meetings player t31",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings player t30",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings player t29.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings player t29",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings player t31r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings player t31.5.20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings player t30.12.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings player t29.13.112",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92708"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004531"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-539"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_wrf_player_t29:sp10_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1464"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Francis Provencher, COSIG.",
    "sources": [
      {
        "db": "BID",
        "id": "92708"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-539"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-1464",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-1464",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-90283",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-1464",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-1464",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201608-539",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90283",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90283"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004531"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-539"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375. \nAn attacker can exploit this issue to execute arbitrary code on the affected system with privileges of the user. This may aid in further attacks. \nThis issue being tracked by Cisco Bug ID CSCva09375. \nCisco WebEx Meetings Player T29.10 is vulnerable; other versions may also be affected. The vulnerability stems from the fact that the program does not properly handle user-supplied files",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1464"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004531"
      },
      {
        "db": "BID",
        "id": "92708"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90283"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-90283",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90283"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1464",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "92708",
        "trust": 2.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "40508",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036712",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004531",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-539",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "34702",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "139134",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-90283",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90283"
      },
      {
        "db": "BID",
        "id": "92708"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004531"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-539"
      }
    ]
  },
  "id": "VAR-201609-0383",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90283"
      }
    ],
    "trust": 0.725
  },
  "last_update_date": "2023-12-18T13:48:46.746000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160831-meetings-player",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160831-meetings-player"
      },
      {
        "title": "Cisco WebEx Meetings Player Fixes for remote arbitrary code execution vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63836"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004531"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-539"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90283"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004531"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1464"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160831-meetings-player"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/92708"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/40508/"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036712"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1464"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1464"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/34702"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90283"
      },
      {
        "db": "BID",
        "id": "92708"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004531"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-539"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-90283"
      },
      {
        "db": "BID",
        "id": "92708"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004531"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-539"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90283"
      },
      {
        "date": "2016-08-31T00:00:00",
        "db": "BID",
        "id": "92708"
      },
      {
        "date": "2016-09-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004531"
      },
      {
        "date": "2016-09-03T20:59:05.140000",
        "db": "NVD",
        "id": "CVE-2016-1464"
      },
      {
        "date": "2016-08-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-539"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90283"
      },
      {
        "date": "2016-10-26T00:18:00",
        "db": "BID",
        "id": "92708"
      },
      {
        "date": "2016-09-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004531"
      },
      {
        "date": "2017-09-03T01:29:03.763000",
        "db": "NVD",
        "id": "CVE-2016-1464"
      },
      {
        "date": "2016-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-539"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-539"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco WebEx Meetings Player Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004531"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-539"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2016-07018

Vulnerability from cnvd - Published: 2016-09-01

Title

Cisco WebEx Meetings Player远程代码执行漏洞

Description

Cisco WebEx Meetings是网络会议解决方案。 Cisco WebEx Meetings Player存在安全漏洞，由于程序未正确验证用户提供的文件。未经身份验证的远程用户利用此漏洞可以用户权限执行任意代码。

Severity

高

Patch Name

Cisco WebEx Meetings Player远程代码执行漏洞的补丁

Patch Description

Cisco WebEx Meetings是网络会议解决方案。 Cisco WebEx Meetings Player存在安全漏洞，由于程序未正确验证用户提供的文件。未经身份验证的远程用户利用此漏洞可以用户权限执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player

Impacted products

Name
Cisco WebEx Meetings Player T29.10

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "92708"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1464"
    }
  },
  "description": "Cisco WebEx Meetings\u662f\u7f51\u7edc\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco WebEx Meetings Player\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u672a\u6b63\u786e\u9a8c\u8bc1\u7528\u6237\u63d0\u4f9b\u7684\u6587\u4ef6\u3002\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u7528\u6237\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u4ee5\u7528\u6237\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Francis Provencher, COSIG.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-07018",
  "openTime": "2016-09-01",
  "patchDescription": "Cisco WebEx Meetings\u662f\u7f51\u7edc\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco WebEx Meetings Player\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u672a\u6b63\u786e\u9a8c\u8bc1\u7528\u6237\u63d0\u4f9b\u7684\u6587\u4ef6\u3002\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u7528\u6237\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u4ee5\u7528\u6237\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco WebEx Meetings Player\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco WebEx Meetings Player T29.10"
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player",
  "serverity": "\u9ad8",
  "submitTime": "2016-09-01",
  "title": "Cisco WebEx Meetings Player\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-1464 (GCVE-0-2016-1464)

FKIE_CVE-2016-1464

GHSA-2R6V-2267-CW2R

GSD-2016-1464

CERTFR-2016-AVI-358

Solution

CERTFR-2016-AVI-358

Solution

VAR-201609-0383

CNVD-2016-07018

Tags

Sightings

Nomenclature