cve-2020-3319
Vulnerability from cvelistv5
Published
2020-06-03 16:55
Modified
2024-11-15 17:20
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3.
References
ykramarz@cisco.comhttps://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254Vendor Advisory
Impacted products
Vendor Product Version
Cisco Cisco Webex Network Recording Player Version: unspecified   < 3.0 MR3 Security Patch 2
Version: unspecified   < 4.0 MR3
Cisco Cisco Webex Player for Microsoft Windows Version: unspecified   < 3.0 MR3 Security Patch 2
Version: unspecified   < 4.0 MR3
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:57.989Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3319",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:28:22.385143Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:20:29.314Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex Network Recording Player",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "3.0 MR3 Security Patch 2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "4.0 MR3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Cisco Webex Player for Microsoft Windows",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "3.0 MR3 Security Patch 2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "4.0 MR3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Cisco would like to thank Kexu Wang of Fortinet\u0027s FortiGuard Labs for reporting this vulnerability"
        }
      ],
      "datePublic": "2020-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-03T16:55:13",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254"
        }
      ],
      "source": {
        "advisory": "CSCvs98254",
        "defect": [
          "CSCvs98254",
          "CSCvs98255",
          "CSCvs98256"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-03T16:00:00.000Z",
          "ID": "CVE-2020-3319",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Webex Network Recording Player",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.0 MR3 Security Patch 2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.0 MR3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Cisco Webex Player for Microsoft Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.0 MR3 Security Patch 2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.0 MR3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Cisco would like to thank Kexu Wang of Fortinet\u0027s FortiGuard Labs for reporting this vulnerability"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254"
            }
          ]
        },
        "source": {
          "advisory": "CSCvs98254",
          "defect": [
            "CSCvs98254",
            "CSCvs98255",
            "CSCvs98256"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3319",
    "datePublished": "2020-06-03T16:55:13.483571Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:20:29.314Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_network_recording_player:*:*:*:*:*:windows:*:*\", \"versionEndIncluding\": \"3.0\", \"matchCriteriaId\": \"25A839E1-6437-49B2-9906-D61298FC366B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_network_recording_player:4.0:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"E922D69B-C5A1-40FD-AF7C-7BC7DF30E5B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_player:*:*:*:*:*:windows:*:*\", \"versionEndIncluding\": \"3.0\", \"matchCriteriaId\": \"B464C74B-64E8-4DEB-A642-3AAC577DF8CD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en Cisco Webex Network Recording Player y Cisco Webex Player para Microsoft Windows, podr\\u00eda permitir a un atacante  causar un bloqueo del proceso resultando en una condici\\u00f3n de Denegaci\\u00f3n de servicio (DoS) para la aplicaci\\u00f3n del reproductor sobre un sistema afectado. La vulnerabilidad se presenta debido a una comprobaci\\u00f3n insuficiente de determinados elementos con una grabaci\\u00f3n de Webex almacenada en el Advanced Recording Format (ARF) o en el  Webex Recording Format (WRF). Un atacante podr\\u00eda explotar esta vulnerabilidad al enviar a un usuario un archivo ARF o WRF malicioso por medio de un enlace o archivo adjunto de correo electr\\u00f3nico y persuadiendo al usuario de abrir el archivo con el software afectado en el sistema local. Una explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir a un atacante causar que la aplicaci\\u00f3n del reproductor Webex se bloquee cuando tratan de visualizar el archivo malicioso. Esta vulnerabilidad afecta a las versiones de Cisco Webex Network Recording Player y Webex Player anteriores a la versi\\u00f3n 3.0 MR3 Security Patch 2 y 4.0 MR3.\"}]",
      "id": "CVE-2020-3319",
      "lastModified": "2024-11-21T05:30:48.023",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-06-03T17:15:25.733",
      "references": "[{\"url\": \"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-3319\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2020-06-03T17:15:25.733\",\"lastModified\":\"2024-11-21T05:30:48.023\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en Cisco Webex Network Recording Player y Cisco Webex Player para Microsoft Windows, podr\u00eda permitir a un atacante  causar un bloqueo del proceso resultando en una condici\u00f3n de Denegaci\u00f3n de servicio (DoS) para la aplicaci\u00f3n del reproductor sobre un sistema afectado. La vulnerabilidad se presenta debido a una comprobaci\u00f3n insuficiente de determinados elementos con una grabaci\u00f3n de Webex almacenada en el Advanced Recording Format (ARF) o en el  Webex Recording Format (WRF). Un atacante podr\u00eda explotar esta vulnerabilidad al enviar a un usuario un archivo ARF o WRF malicioso por medio de un enlace o archivo adjunto de correo electr\u00f3nico y persuadiendo al usuario de abrir el archivo con el software afectado en el sistema local. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante causar que la aplicaci\u00f3n del reproductor Webex se bloquee cuando tratan de visualizar el archivo malicioso. Esta vulnerabilidad afecta a las versiones de Cisco Webex Network Recording Player y Webex Player anteriores a la versi\u00f3n 3.0 MR3 Security Patch 2 y 4.0 MR3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_network_recording_player:*:*:*:*:*:windows:*:*\",\"versionEndIncluding\":\"3.0\",\"matchCriteriaId\":\"25A839E1-6437-49B2-9906-D61298FC366B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_network_recording_player:4.0:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"E922D69B-C5A1-40FD-AF7C-7BC7DF30E5B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_player:*:*:*:*:*:windows:*:*\",\"versionEndIncluding\":\"3.0\",\"matchCriteriaId\":\"B464C74B-64E8-4DEB-A642-3AAC577DF8CD\"}]}]}],\"references\":[{\"url\":\"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254\", \"name\": \"Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T07:30:57.989Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-3319\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-15T16:28:22.385143Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-15T16:28:59.425Z\"}}], \"cna\": {\"title\": \"Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability\", \"source\": {\"defect\": [\"CSCvs98254\", \"CSCvs98255\", \"CSCvs98256\"], \"advisory\": \"CSCvs98254\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Cisco would like to thank Kexu Wang of Fortinet\u0027s FortiGuard Labs for reporting this vulnerability\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Webex Network Recording Player\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"3.0 MR3 Security Patch 2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"4.0 MR3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Webex Player for Microsoft Windows\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"3.0 MR3 Security Patch 2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"4.0 MR3\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2020-06-03T00:00:00\", \"references\": [{\"url\": \"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254\", \"name\": \"Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2020-06-03T16:55:13\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Cisco would like to thank Kexu Wang of Fortinet\u0027s FortiGuard Labs for reporting this vulnerability\"}], \"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, \"source\": {\"defect\": [\"CSCvs98254\", \"CSCvs98255\", \"CSCvs98256\"], \"advisory\": \"CSCvs98254\", \"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"3.0 MR3 Security Patch 2\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"4.0 MR3\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Cisco Webex Network Recording Player\"}, {\"version\": {\"version_data\": [{\"version_value\": \"3.0 MR3 Security Patch 2\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"4.0 MR3\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Cisco Webex Player for Microsoft Windows\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254\", \"name\": \"Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-20 Improper Input Validation\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-3319\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2020-06-03T16:00:00.000Z\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-3319\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-15T17:20:29.314Z\", \"dateReserved\": \"2019-12-12T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2020-06-03T16:55:13.483571Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.