Sign-up

ID

VAR-201711-0381


CVE

CVE-2017-12370


TITLE

Cisco WebEx Recorder and Player WRF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 2.1

sources: ZDI: ZDI-17-935 // ZDI: ZDI-17-936 // ZDI: ZDI-17-934

DESCRIPTION

A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf38060, CSCvg54836, CSCvf38077, CSCvg54843, CSCvf38084, CSCvg54850. Vendors have confirmed this vulnerability Bug ID CSCvf38060 , CSCvg54836 , CSCvf38077 , CSCvg54843 , CSCvf38084 and CSCvg54850 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of WRF files. Crafted data in a WRF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Multiple Cisco WebEx Products are prone to the following security vulnerabilities: 1. Multiple remote code-execution vulnerabilities 2. Failed exploit attempts will likely result in denial-of-service conditions. Cisco WebEx Business Suite (WBS30) client and so on are the client software of Cisco's video conferencing solution. The following products and versions are affected: Cisco WebEx Business Suite (WBS30) client builds prior to T30.20; WebEx Business Suite (WBS31) client builds prior to T31.14.1; WebEx Business Suite (WBS32) client builds prior to T32.2 versions before WebEx Meetings with client builds prior to T31.14; versions prior to WebEx Meeting Server builds 2.7MR3

Trust: 3.87

sources: NVD: CVE-2017-12370 // JVNDB: JVNDB-2017-010393 // ZDI: ZDI-17-935 // ZDI: ZDI-17-936 // ZDI: ZDI-17-934 // BID: 102017 // VULHUB: VHN-102886

AFFECTED PRODUCTS

vendor:ciscomodel:webexscope: - version: -

Trust: 2.1

vendor:ciscomodel:webex meetingsscope:eqversion:t30

Trust: 1.6

vendor:ciscomodel:webex meetingsscope:eqversion:t31

Trust: 1.6

vendor:ciscomodel:webex business suite clientscope:eqversion:0

Trust: 0.9

vendor:ciscomodel:webex meetingsscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings clientscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex meeting serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex business suite client t31.10scope: - version: -

Trust: 0.3

vendor:ciscomodel:webex business suite client t30.17scope: - version: -

Trust: 0.3

vendor:ciscomodel:webex meetings client t31.14scope:neversion: -

Trust: 0.3

vendor:ciscomodel:webex meeting server 2.7mr3scope:neversion: -

Trust: 0.3

vendor:ciscomodel:webex business suite client t32.2scope:neversion: -

Trust: 0.3

vendor:ciscomodel:webex business suite client t31.14.1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:webex business suite client t30.20scope:neversion: -

Trust: 0.3

sources: ZDI: ZDI-17-935 // ZDI: ZDI-17-936 // ZDI: ZDI-17-934 // BID: 102017 // JVNDB: JVNDB-2017-010393 // CNNVD: CNNVD-201711-1143 // NVD: CVE-2017-12370

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2017-12370
value: MEDIUM

Trust: 2.1

nvd@nist.gov: CVE-2017-12370
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-12370
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201711-1143
value: CRITICAL

Trust: 0.6

VULHUB: VHN-102886
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12370
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 3.9

VULHUB: VHN-102886
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12370
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-17-935 // ZDI: ZDI-17-936 // ZDI: ZDI-17-934 // VULHUB: VHN-102886 // JVNDB: JVNDB-2017-010393 // CNNVD: CNNVD-201711-1143 // NVD: CVE-2017-12370

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-102886 // JVNDB: JVNDB-2017-010393 // NVD: CVE-2017-12370

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1143

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201711-1143

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010393

PATCH
title:cisco-sa-20171129-webex-playersurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players
Trust: 2.9
title:Multiple Cisco product WebEx Recording Format Player  and Advanced Recording Format Player Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76798
Trust: 0.6
sources:
            
            
            ZDI: ZDI-17-935 // 
            
            
            
            ZDI: ZDI-17-936 // 
            
            
            
            ZDI: ZDI-17-934 // 
            
            
            
            JVNDB: JVNDB-2017-010393 // 
            
            
            
            CNNVD: CNNVD-201711-1143

EXTERNAL IDS
db:NVDid:CVE-2017-12370
Trust: 5.0
db:BIDid:102017
Trust: 2.0
db:SECTRACKid:1039895
Trust: 1.7
db:JVNDBid:JVNDB-2017-010393
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-4989
Trust: 0.7
db:ZDIid:ZDI-17-935
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-4988
Trust: 0.7
db:ZDIid:ZDI-17-936
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-4990
Trust: 0.7
db:ZDIid:ZDI-17-934
Trust: 0.7
db:CNNVDid:CNNVD-201711-1143
Trust: 0.7
db:VULHUBid:VHN-102886
Trust: 0.1
db:PACKETSTORMid:145176
Trust: 0.1
sources:
            
            
            ZDI: ZDI-17-935 // 
            
            
            
            ZDI: ZDI-17-936 // 
            
            
            
            ZDI: ZDI-17-934 // 
            
            
            
            VULHUB: VHN-102886 // 
            
            
            
            BID: 102017 // 
            
            
            
            JVNDB: JVNDB-2017-010393 // 
            
            
            
            PACKETSTORM: 145176 // 
            
            
            
            CNNVD: CNNVD-201711-1143 // 
            
            
            
            NVD: CVE-2017-12370

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-webex-players
Trust: 4.1
url:http://www.securityfocus.com/bid/102017
Trust: 1.7
url:http://www.securitytracker.com/id/1039895
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2017-12370
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12370
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2017-12372
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-12369
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-12367
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-12368
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-12371
Trust: 0.1
sources:
            
            
            ZDI: ZDI-17-935 // 
            
            
            
            ZDI: ZDI-17-936 // 
            
            
            
            ZDI: ZDI-17-934 // 
            
            
            
            VULHUB: VHN-102886 // 
            
            
            
            BID: 102017 // 
            
            
            
            JVNDB: JVNDB-2017-010393 // 
            
            
            
            PACKETSTORM: 145176 // 
            
            
            
            CNNVD: CNNVD-201711-1143 // 
            
            
            
            NVD: CVE-2017-12370

CREDITS
Steven Seeley (mr_me) of Offensive Security
Trust: 2.1
sources:
            
            
            ZDI: ZDI-17-935 // 
            
            
            
            ZDI: ZDI-17-936 // 
            
            
            
            ZDI: ZDI-17-934

SOURCES
db:ZDIid:ZDI-17-935
db:ZDIid:ZDI-17-936
db:ZDIid:ZDI-17-934
db:VULHUBid:VHN-102886
db:BIDid:102017
db:JVNDBid:JVNDB-2017-010393
db:PACKETSTORMid:145176
db:CNNVDid:CNNVD-201711-1143
db:NVDid:CVE-2017-12370

LAST UPDATE DATE
2024-11-23T22:22:21.951000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-17-935date:2017-12-06T00:00:00
db:ZDIid:ZDI-17-936date:2017-12-06T00:00:00
db:ZDIid:ZDI-17-934date:2017-12-06T00:00:00
db:VULHUBid:VHN-102886date:2019-10-09T00:00:00
db:BIDid:102017date:2017-12-19T22:01:00
db:JVNDBid:JVNDB-2017-010393date:2017-12-13T00:00:00
db:CNNVDid:CNNVD-201711-1143date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12370date:2024-11-21T03:09:24.240

SOURCES RELEASE DATE
db:ZDIid:ZDI-17-935date:2017-12-06T00:00:00
db:ZDIid:ZDI-17-936date:2017-12-06T00:00:00
db:ZDIid:ZDI-17-934date:2017-12-06T00:00:00
db:VULHUBid:VHN-102886date:2017-11-30T00:00:00
db:BIDid:102017date:2017-11-29T00:00:00
db:JVNDBid:JVNDB-2017-010393date:2017-12-13T00:00:00
db:PACKETSTORMid:145176date:2017-12-01T03:05:38
db:CNNVDid:CNNVD-201711-1143date:2017-11-30T00:00:00
db:NVDid:CVE-2017-12370date:2017-11-30T09:29:01.650