CNVD-2018-19401

Vulnerability from cnvd - Published: 2018-09-20
VLAI Severity ?
Title
Cisco Webex Network Recording Player远程代码执行漏洞(CNVD-2018-19401)
Description
Cisco Webex Network Recording Player for Advanced Recording Format(ARF)是一个主要用于播放ARF格式的WebEx录制文件的媒体播放器。 Cisco Webex Network Recording Player for Advanced Recording Format (ARF) could存在远程代码执行漏洞,该漏洞是由于对Webex录制文件的未进行正确验证。 攻击者可以通过向用户发送包含恶意文件的链接或电子邮件附件并说服用户在Cisco Webex播放器中打开该文件来利用漏洞。 成功利用可能允许攻击者在受影响的系统上执行任意代码。
Severity
Patch Name
Cisco Webex Network Recording Player远程代码执行漏洞(CNVD-2018-19401)的补丁
Patch Description
Cisco Webex Network Recording Player for Advanced Recording Format(ARF)是一个主要用于播放ARF格式的WebEx录制文件的媒体播放器。 Cisco Webex Network Recording Player for Advanced Recording Format (ARF) could存在远程代码执行漏洞,该漏洞是由于对Webex录制文件的未进行正确验证。 攻击者可以通过向用户发送包含恶意文件的链接或电子邮件附件并说服用户在Cisco Webex播放器中打开该文件来利用漏洞。 成功利用可能允许攻击者在受影响的系统上执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

思科发布了解决上述漏洞的软件更新: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex

Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex
Impacted products
Name
['Cisco Webex Meetings Suite (WBS32) <WBS32.15.10', 'Cisco Webex Meetings Suite (WBS33) <WBS33.3', 'Cisco Webex Meetings Online sites <1.3.37', 'Cisco Webex Meetings Server <3.0MR2']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-15414"
    }
  },
  "description": "Cisco Webex Network Recording Player for Advanced Recording Format\uff08ARF\uff09\u662f\u4e00\u4e2a\u4e3b\u8981\u7528\u4e8e\u64ad\u653eARF\u683c\u5f0f\u7684WebEx\u5f55\u5236\u6587\u4ef6\u7684\u5a92\u4f53\u64ad\u653e\u5668\u3002 \r\n\r\nCisco Webex Network Recording Player for Advanced Recording Format (ARF) could\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u5bf9Webex\u5f55\u5236\u6587\u4ef6\u7684\u672a\u8fdb\u884c\u6b63\u786e\u9a8c\u8bc1\u3002 \u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411\u7528\u6237\u53d1\u9001\u5305\u542b\u6076\u610f\u6587\u4ef6\u7684\u94fe\u63a5\u6216\u7535\u5b50\u90ae\u4ef6\u9644\u4ef6\u5e76\u8bf4\u670d\u7528\u6237\u5728Cisco Webex\u64ad\u653e\u5668\u4e2d\u6253\u5f00\u8be5\u6587\u4ef6\u6765\u5229\u7528\u6f0f\u6d1e\u3002 \u6210\u529f\u5229\u7528\u53ef\u80fd\u5141\u8bb8\u653b\u51fb\u8005\u5728\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Steven Seeley (mr_me) of Source Incite working with Trend Micro\u0027s Zero Day Initiative",
  "formalWay": "\u601d\u79d1\u53d1\u5e03\u4e86\u89e3\u51b3\u4e0a\u8ff0\u6f0f\u6d1e\u7684\u8f6f\u4ef6\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-19401",
  "openTime": "2018-09-20",
  "patchDescription": "Cisco Webex Network Recording Player for Advanced Recording Format\uff08ARF\uff09\u662f\u4e00\u4e2a\u4e3b\u8981\u7528\u4e8e\u64ad\u653eARF\u683c\u5f0f\u7684WebEx\u5f55\u5236\u6587\u4ef6\u7684\u5a92\u4f53\u64ad\u653e\u5668\u3002 \r\n\r\nCisco Webex Network Recording Player for Advanced Recording Format (ARF) could\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u5bf9Webex\u5f55\u5236\u6587\u4ef6\u7684\u672a\u8fdb\u884c\u6b63\u786e\u9a8c\u8bc1\u3002 \u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411\u7528\u6237\u53d1\u9001\u5305\u542b\u6076\u610f\u6587\u4ef6\u7684\u94fe\u63a5\u6216\u7535\u5b50\u90ae\u4ef6\u9644\u4ef6\u5e76\u8bf4\u670d\u7528\u6237\u5728Cisco Webex\u64ad\u653e\u5668\u4e2d\u6253\u5f00\u8be5\u6587\u4ef6\u6765\u5229\u7528\u6f0f\u6d1e\u3002 \u6210\u529f\u5229\u7528\u53ef\u80fd\u5141\u8bb8\u653b\u51fb\u8005\u5728\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Webex Network Recording Player\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-19401\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Webex Meetings Suite (WBS32) \u003cWBS32.15.10",
      "Cisco Webex Meetings Suite (WBS33) \u003cWBS33.3",
      "Cisco Webex Meetings Online sites \u003c1.3.37",
      "Cisco Webex Meetings Server \u003c3.0MR2"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex",
  "serverity": "\u9ad8",
  "submitTime": "2018-09-20",
  "title": "Cisco Webex Network Recording Player\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-19401\uff09"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.