ID

VAR-201711-0370


CVE

CVE-2017-12359


TITLE

Cisco WebEx Network Recording Player Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010233

DESCRIPTION

A buffer overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could allow arbitrary code execution on the system of the targeted user. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCve10729, CSCve10771, CSCve10779, CSCve11521, CSCve11543. The vendor has published this vulnerability as Bug IDs CSCve10729, CSCve10771, CSCve10779, CSCve11521, and CSCve11543. The affected product may be put into a denial-of-service (DoS) state. Attackers can exploit this issue to crash the Network Recording Player, resulting in a denial-of-service condition. Due to the nature of this issue, code execution may be possible, but this has not been confirmed.

Trust: 1.98

sources: NVD: CVE-2017-12359 // JVNDB: JVNDB-2017-010233 // BID: 102186 // VULHUB: VHN-102873

AFFECTED PRODUCTS

vendor: cisco // model: webex meetings server // scope: eq // version: 2.6.0

Trust: 1.6

vendor: cisco // model: webex meetings server // scope: eq // version: 2.7.0

Trust: 1.6

vendor: cisco // model: webex meeting center // scope: eq // version: t29

Trust: 1.6

vendor: cisco // model: webex meeting center // scope: eq // version: t30

Trust: 1.6

vendor: cisco // model: webex meeting center // scope: eq // version: t31

Trust: 1.6

vendor: cisco // model: webex meeting center // scope: eq // version: t32

Trust: 1.6

vendor: cisco // model: webex meeting center // scope: - // version: -

Trust: 0.8

vendor: cisco // model: webex meetings server // scope: - // version: -

Trust: 0.8

vendor: cisco // model: webex meetings server // scope: eq // version: 2.7

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.6

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: webex meetings t32 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex meetings t31 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex meetings t30 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex meetings t29 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex arf players // scope: eq // version: 0

Trust: 0.3

sources: BID: 102186 // JVNDB: JVNDB-2017-010233 // CNNVD: CNNVD-201711-1207 // NVD: CVE-2017-12359

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-12359
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12359
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-1207
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102873
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-12359
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102873
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-12359
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102873 // JVNDB: JVNDB-2017-010233 // CNNVD: CNNVD-201711-1207 // NVD: CVE-2017-12359

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-102873 // JVNDB: JVNDB-2017-010233 // NVD: CVE-2017-12359

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1207

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201711-1207

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010233

PATCH

title: cisco-sa-20171129-webex // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex

Trust: 0.8

title: Multiple Cisco product WebEx Advanced Recording Format Player Buffer error vulnerability fix // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76826

Trust: 0.6

sources: JVNDB: JVNDB-2017-010233 // CNNVD: CNNVD-201711-1207

EXTERNAL IDS

db: NVD // id: CVE-2017-12359

Trust: 2.8

db: BID // id: 102186

Trust: 1.4

db: JVNDB // id: JVNDB-2017-010233

Trust: 0.8

db: CNNVD // id: CNNVD-201711-1207

Trust: 0.7

db: VULHUB // id: VHN-102873

Trust: 0.1

sources: VULHUB: VHN-102873 // BID: 102186 // JVNDB: JVNDB-2017-010233 // CNNVD: CNNVD-201711-1207 // NVD: CVE-2017-12359

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-webex

Trust: 2.0

url: http://www.securityfocus.com/bid/102186

Trust: 1.1

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12359

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-12359

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-102873 // BID: 102186 // JVNDB: JVNDB-2017-010233 // CNNVD: CNNVD-201711-1207 // NVD: CVE-2017-12359

CREDITS

Kushal Arvind Shah of Fortinet's Fortiguard Team.

Trust: 0.3

sources: BID: 102186

SOURCES

db: VULHUB // id: VHN-102873
db: BID // id: 102186
db: JVNDB // id: JVNDB-2017-010233
db: CNNVD // id: CNNVD-201711-1207
db: NVD // id: CVE-2017-12359

LAST UPDATE DATE

2024-11-23T21:40:10.972000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-102873 // date: 2017-12-16T00:00:00
db: BID // id: 102186 // date: 2017-12-19T22:38:00
db: JVNDB // id: JVNDB-2017-010233 // date: 2017-12-08T00:00:00
db: CNNVD // id: CNNVD-201711-1207 // date: 2017-12-01T00:00:00
db: NVD // id: CVE-2017-12359 // date: 2024-11-21T03:09:22.757

SOURCES RELEASE DATE

db: VULHUB // id: VHN-102873 // date: 2017-11-30T00:00:00
db: BID // id: 102186 // date: 2017-11-29T00:00:00
db: JVNDB // id: JVNDB-2017-010233 // date: 2017-12-08T00:00:00
db: CNNVD // id: CNNVD-201711-1207 // date: 2017-12-01T00:00:00
db: NVD // id: CVE-2017-12359 // date: 2017-11-30T09:29:01.277