ID

VAR-201405-0477


CVE

CVE-2014-2132


TITLE

Cisco WebEx Recording Format Player and Advanced Recording Format Player Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-002424

DESCRIPTION

Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of service (application crash) via a crafted (1) .wrf or (2) .arf file that triggers a buffer over-read, aka Bug ID CSCuh52768. Cisco WebEx WRF and ARF Players are prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuh52768

Trust: 1.98

sources: NVD: CVE-2014-2132 // JVNDB: JVNDB-2014-002424 // BID: 67259 // VULHUB: VHN-70071

AFFECTED PRODUCTS

vendor:ciscomodel:webex recording format playerscope:eqversion:t29

Trust: 1.6

vendor:ciscomodel:webex advanced recording format playerscope:eqversion:t28

Trust: 1.6

vendor:ciscomodel:webex recording format playerscope:eqversion:t27ld

Trust: 1.6

vendor:ciscomodel:webex advanced recording format playerscope:eqversion:t29

Trust: 1.6

vendor:ciscomodel:webex advanced recording format playerscope:eqversion:t27ld

Trust: 1.6

vendor:ciscomodel:webex recording format playerscope:eqversion:t28

Trust: 1.6

vendor:ciscomodel:webex advanced recording format playerscope:ltversion:t27 ld thats all t27 ld sp32 ep16

Trust: 0.8

vendor:ciscomodel:webex advanced recording format playerscope:ltversion:t28 thats all t28.12

Trust: 0.8

vendor:ciscomodel:webex advanced recording format playerscope:ltversion:t29 thats all t29.2

Trust: 0.8

vendor:ciscomodel:webex recording format playerscope:ltversion:t27 ld thats all t27 ld sp32 ep16

Trust: 0.8

vendor:ciscomodel:webex recording format playerscope:ltversion:t28 thats all t28.12

Trust: 0.8

vendor:ciscomodel:webex recording format playerscope:ltversion:t29 thats all t29.2

Trust: 0.8

sources: JVNDB: JVNDB-2014-002424 // CNNVD: CNNVD-201405-155 // NVD: CVE-2014-2132

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2132
value: HIGH

Trust: 1.0

NVD: CVE-2014-2132
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201405-155
value: HIGH

Trust: 0.6

VULHUB: VHN-70071
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-2132
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70071
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70071 // JVNDB: JVNDB-2014-002424 // CNNVD: CNNVD-201405-155 // NVD: CVE-2014-2132

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-70071 // JVNDB: JVNDB-2014-002424 // NVD: CVE-2014-2132

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-155

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201405-155

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:cisco:webex_advanced_recording_format_player"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:cisco:webex_recording_format_player"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2014-002424

PATCH

title:cisco-sa-20140507-webexurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex

Trust: 0.8

title:34029url:http://tools.cisco.com/security/center/viewAlert.x?alertId=34029

Trust: 0.8

title:cisco-sa-20140507-webexurl:http://www.cisco.com/cisco/web/support/JP/112/1122/1122550_cisco-sa-20140507-webex-j.html

Trust: 0.8

sources: JVNDB: JVNDB-2014-002424

EXTERNAL IDS

db:NVDid:CVE-2014-2132

Trust: 2.8

db:JVNDBid:JVNDB-2014-002424

Trust: 0.8

db:CNNVDid:CNNVD-201405-155

Trust: 0.7

db:CISCOid:20140507 MULTIPLE VULNERABILITIES IN THE CISCO WEBEX RECORDING FORMAT AND ADVANCED RECORDING FORMAT PLAYERS

Trust: 0.6

db:BIDid:67259

Trust: 0.4

db:VULHUBid:VHN-70071

Trust: 0.1

sources: VULHUB: VHN-70071 // BID: 67259 // JVNDB: JVNDB-2014-002424 // CNNVD: CNNVD-201405-155 // NVD: CVE-2014-2132

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140507-webex

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2132

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2132

Trust: 0.8

url:http://www.webex.com/

Trust: 0.3

sources: VULHUB: VHN-70071 // BID: 67259 // JVNDB: JVNDB-2014-002424 // CNNVD: CNNVD-201405-155 // NVD: CVE-2014-2132

CREDITS

Fortinet

Trust: 0.3

sources: BID: 67259

SOURCES

db:VULHUBid:VHN-70071
db:BIDid:67259
db:JVNDBid:JVNDB-2014-002424
db:CNNVDid:CNNVD-201405-155
db:NVDid:CVE-2014-2132

LAST UPDATE DATE

2024-11-23T21:45:10.094000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-70071date:2014-05-08T00:00:00
db:BIDid:67259date:2014-05-07T00:00:00
db:JVNDBid:JVNDB-2014-002424date:2014-05-09T00:00:00
db:CNNVDid:CNNVD-201405-155date:2014-05-12T00:00:00
db:NVDid:CVE-2014-2132date:2024-11-21T02:05:42.840

SOURCES RELEASE DATE

db:VULHUBid:VHN-70071date:2014-05-08T00:00:00
db:BIDid:67259date:2014-05-07T00:00:00
db:JVNDBid:JVNDB-2014-002424date:2014-05-09T00:00:00
db:CNNVDid:CNNVD-201405-155date:2014-05-12T00:00:00
db:NVDid:CVE-2014-2132date:2014-05-08T10:55:03.700