Details of VAR-201405-0478

ID

VAR-201405-0478

CVE

CVE-2014-2133

TITLE

Cisco Advanced Recording Format Player Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2014-002425

DESCRIPTION

Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565. Cisco Advanced Recording Format (ARF) Player Contains a buffer overflow vulnerability. An attacker could exploit this issue to crash the affected player causing denial-of-service conditions or execute arbitrary code in context of the user. This issue is being tracked by Cisco Bug ID CSCuj87565

Trust: 1.98

sources: NVD: CVE-2014-2133 // JVNDB: JVNDB-2014-002425 // BID: 67261 // VULHUB: VHN-70072

AFFECTED PRODUCTS

vendor:	cisco	model:	webex recording format player	scope:	eq	version:	t29	Trust: 1.6
vendor:	cisco	model:	webex advanced recording format player	scope:	eq	version:	t28	Trust: 1.6
vendor:	cisco	model:	webex recording format player	scope:	eq	version:	t27ld	Trust: 1.6
vendor:	cisco	model:	webex advanced recording format player	scope:	eq	version:	t29	Trust: 1.6
vendor:	cisco	model:	webex advanced recording format player	scope:	eq	version:	t27ld	Trust: 1.6
vendor:	cisco	model:	webex recording format player	scope:	eq	version:	t28	Trust: 1.6
vendor:	cisco	model:	webex advanced recording format player	scope:	lt	version:	t27 ld thats all t27 ld sp32 ep16	Trust: 0.8
vendor:	cisco	model:	webex advanced recording format player	scope:	lt	version:	t28 thats all t28.12	Trust: 0.8
vendor:	cisco	model:	webex advanced recording format player	scope:	lt	version:	t29 thats all t29.2	Trust: 0.8

sources: JVNDB: JVNDB-2014-002425 // CNNVD: CNNVD-201405-156 // NVD: CVE-2014-2133

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2133
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2133
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201405-156
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-70072
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2133
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-70072
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70072 // JVNDB: JVNDB-2014-002425 // CNNVD: CNNVD-201405-156 // NVD: CVE-2014-2133

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-70072 // JVNDB: JVNDB-2014-002425 // NVD: CVE-2014-2133

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-156

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201405-156

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002425

PATCH

title:	cisco-sa-20140507-webex	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex	Trust: 0.8
title:	34030	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34030	Trust: 0.8
title:	cisco-sa-20140507-webex	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122550_cisco-sa-20140507-webex-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-002425

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2133	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-002425	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-156	Trust: 0.7
db:	CISCO	id:	20140507 MULTIPLE VULNERABILITIES IN THE CISCO WEBEX RECORDING FORMAT AND ADVANCED RECORDING FORMAT PLAYERS	Trust: 0.6
db:	BID	id:	67261	Trust: 0.4
db:	VULHUB	id:	VHN-70072	Trust: 0.1

sources: VULHUB: VHN-70072 // BID: 67261 // JVNDB: JVNDB-2014-002425 // CNNVD: CNNVD-201405-156 // NVD: CVE-2014-2133

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140507-webex	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2133	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2133	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34030	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewipssignature.x?signatureid=4306&signaturesubid=0&softwareversion=6.0&releaseversion=s795	Trust: 0.3
url:	http://www.webex.com/play-webex-recording.html	Trust: 0.3
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140507-webex#software	Trust: 0.3

sources: VULHUB: VHN-70072 // BID: 67261 // JVNDB: JVNDB-2014-002425 // CNNVD: CNNVD-201405-156 // NVD: CVE-2014-2133

CREDITS

Fortinet

Trust: 0.3

sources: BID: 67261

SOURCES

db:	VULHUB	id:	VHN-70072
db:	BID	id:	67261
db:	JVNDB	id:	JVNDB-2014-002425
db:	CNNVD	id:	CNNVD-201405-156
db:	NVD	id:	CVE-2014-2133

LAST UPDATE DATE

2024-11-23T21:45:10.125000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70072	date:	2014-05-08T00:00:00
db:	BID	id:	67261	date:	2014-05-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-002425	date:	2014-05-09T00:00:00
db:	CNNVD	id:	CNNVD-201405-156	date:	2014-05-12T00:00:00
db:	NVD	id:	CVE-2014-2133	date:	2024-11-21T02:05:42.947

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70072	date:	2014-05-08T00:00:00
db:	BID	id:	67261	date:	2014-05-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-002425	date:	2014-05-09T00:00:00
db:	CNNVD	id:	CNNVD-201405-156	date:	2014-05-12T00:00:00
db:	NVD	id:	CVE-2014-2133	date:	2014-05-08T10:55:03.857