ID

VAR-201405-0481


CVE

CVE-2014-2136


TITLE

Buffer overflow vulnerability in Cisco Advanced Recording Format Player

Trust: 0.8

sources: JVNDB: JVNDB-2014-002428

DESCRIPTION

Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166. An attacker could exploit this issue to crash the affected player, causing denial-of-service conditions, or to execute arbitrary code in the context of the user. This issue is being tracked by Cisco Bug IDs CSCui72223, CSCul01163, CSCul0116

Trust: 1.98

sources: NVD: CVE-2014-2136 // JVNDB: JVNDB-2014-002428 // BID: 67264 // VULHUB: VHN-70075

AFFECTED PRODUCTS

vendor: cisco, model: webex recording format player, scope: eq, version: t29

Trust: 1.6

vendor: cisco, model: webex advanced recording format player, scope: eq, version: t28

Trust: 1.6

vendor: cisco, model: webex recording format player, scope: eq, version: t27ld

Trust: 1.6

vendor: cisco, model: webex advanced recording format player, scope: eq, version: t29

Trust: 1.6

vendor: cisco, model: webex advanced recording format player, scope: eq, version: t27ld

Trust: 1.6

vendor: cisco, model: webex recording format player, scope: eq, version: t28

Trust: 1.6

vendor: cisco, model: webex advanced recording format player, scope: lt, version: t27 ld thats all t27 ld sp32 ep16

Trust: 0.8

vendor: cisco, model: webex advanced recording format player, scope: lt, version: t28 thats all t28.12

Trust: 0.8

vendor: cisco, model: webex advanced recording format player, scope: lt, version: t29 thats all t29.2

Trust: 0.8

sources: JVNDB: JVNDB-2014-002428 // CNNVD: CNNVD-201405-159 // NVD: CVE-2014-2136

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2136
value: HIGH

Trust: 1.0

NVD: CVE-2014-2136
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201405-159
value: CRITICAL

Trust: 0.6

VULHUB: VHN-70075
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-2136
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70075
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70075 // JVNDB: JVNDB-2014-002428 // CNNVD: CNNVD-201405-159 // NVD: CVE-2014-2136

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-70075 // JVNDB: JVNDB-2014-002428 // NVD: CVE-2014-2136

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-159

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201405-159

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002428

PATCH

title: cisco-sa-20140507-webex, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex

Trust: 0.8

title: 34033, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=34033

Trust: 0.8

title: cisco-sa-20140507-webex, url: http://www.cisco.com/cisco/web/support/JP/112/1122/1122550_cisco-sa-20140507-webex-j.html

Trust: 0.8

sources: JVNDB: JVNDB-2014-002428

EXTERNAL IDS

db: NVD, id: CVE-2014-2136

Trust: 2.8

db: JVNDB, id: JVNDB-2014-002428

Trust: 0.8

db: CNNVD, id: CNNVD-201405-159

Trust: 0.7

db: CISCO, id: 20140507 MULTIPLE VULNERABILITIES IN THE CISCO WEBEX RECORDING FORMAT AND ADVANCED RECORDING FORMAT PLAYERS

Trust: 0.6

db: BID, id: 67264

Trust: 0.4

db: VULHUB, id: VHN-70075

Trust: 0.1

sources: VULHUB: VHN-70075 // BID: 67264 // JVNDB: JVNDB-2014-002428 // CNNVD: CNNVD-201405-159 // NVD: CVE-2014-2136

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140507-webex

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2136

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2136

Trust: 0.8

url:www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-70075 // BID: 67264 // JVNDB: JVNDB-2014-002428 // CNNVD: CNNVD-201405-159 // NVD: CVE-2014-2136

CREDITS

Microsoft Vulnerability Research (MSVR) team

Trust: 0.3

sources: BID: 67264

SOURCES

db: VULHUB, id: VHN-70075
db: BID, id: 67264
db: JVNDB, id: JVNDB-2014-002428
db: CNNVD, id: CNNVD-201405-159
db: NVD, id: CVE-2014-2136

LAST UPDATE DATE

2024-11-23T21:45:10.031000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-70075, date: 2014-05-08T00:00:00
db: BID, id: 67264, date: 2014-05-07T00:00:00
db: JVNDB, id: JVNDB-2014-002428, date: 2014-05-09T00:00:00
db: CNNVD, id: CNNVD-201405-159, date: 2014-05-12T00:00:00
db: NVD, id: CVE-2014-2136, date: 2024-11-21T02:05:43.287

SOURCES RELEASE DATE

db: VULHUB, id: VHN-70075, date: 2014-05-08T00:00:00
db: BID, id: 67264, date: 2014-05-07T00:00:00
db: JVNDB, id: JVNDB-2014-002428, date: 2014-05-09T00:00:00
db: CNNVD, id: CNNVD-201405-159, date: 2014-05-12T00:00:00
db: NVD, id: CVE-2014-2136, date: 2014-05-08T10:55:04.153