ID
VAR-201711-0371
CVE
CVE-2017-12360
TITLE
Cisco WebEx Network Recording Player Resource management vulnerability
Trust: 0.8
DESCRIPTION
A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to open the file. A successful exploit could cause an affected player to crash, resulting in a DoS condition. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCve30294, CSCve30301. Vendors have confirmed this vulnerability Bug ID CSCve30294 and CSCve30301 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | cisco | model: | webex meeting center | scope: | eq | version: | t30 | Trust: 1.6 |
| vendor: | cisco | model: | webex meeting center | scope: | eq | version: | t31 | Trust: 1.6 |
| vendor: | cisco | model: | webex meeting center | scope: | eq | version: | t32 | Trust: 1.6 |
| vendor: | cisco | model: | webex meeting center | scope: | eq | version: | t29 | Trust: 1.6 |
| vendor: | cisco | model: | webex meeting center | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | webex network recording player | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | webex meetings t32 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | webex meetings t31 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | webex meetings t30 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | webex meetings t29 | scope: | - | version: | - | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-399 | Trust: 1.9 |
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
resource management error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20171129-webex1 | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex1 | Trust: 0.8 |
| title: | Cisco WebEx Business Suite meeting site and Cisco WebEx Meetings site WebEx Recording Format Player Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76825 | Trust: 0.6 |
| title: | Cisco: Cisco WebEx Network Recording Player Denial of Service Vulnerability | url: | https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20171129-webex1 | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-12360 | Trust: 2.9 |
| db: | BID | id: | 102001 | Trust: 2.1 |
| db: | JVNDB | id: | JVNDB-2017-010234 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201711-1206 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-102875 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2017-12360 | Trust: 0.1 |
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-webex1 | Trust: 2.2 |
| url: | http://www.securityfocus.com/bid/102001 | Trust: 1.8 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12360 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-12360 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
Yihan Lian of Qihoo 360 GearTeam
Trust: 0.3
SOURCES
| db: | VULHUB | id: | VHN-102875 |
| db: | VULMON | id: | CVE-2017-12360 |
| db: | BID | id: | 102001 |
| db: | JVNDB | id: | JVNDB-2017-010234 |
| db: | CNNVD | id: | CNNVD-201711-1206 |
| db: | NVD | id: | CVE-2017-12360 |
LAST UPDATE DATE
2024-11-23T22:26:35.929000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-102875 | date: | 2019-10-09T00:00:00 |
| db: | VULMON | id: | CVE-2017-12360 | date: | 2019-10-09T00:00:00 |
| db: | BID | id: | 102001 | date: | 2017-12-19T22:37:00 |
| db: | JVNDB | id: | JVNDB-2017-010234 | date: | 2017-12-08T00:00:00 |
| db: | CNNVD | id: | CNNVD-201711-1206 | date: | 2019-10-17T00:00:00 |
| db: | NVD | id: | CVE-2017-12360 | date: | 2024-11-21T03:09:22.907 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-102875 | date: | 2017-11-30T00:00:00 |
| db: | VULMON | id: | CVE-2017-12360 | date: | 2017-11-30T00:00:00 |
| db: | BID | id: | 102001 | date: | 2017-11-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-010234 | date: | 2017-12-08T00:00:00 |
| db: | CNNVD | id: | CNNVD-201711-1206 | date: | 2017-12-01T00:00:00 |
| db: | NVD | id: | CVE-2017-12360 | date: | 2017-11-30T09:29:01.307 |