Details of VAR-201711-0382

ID

VAR-201711-0382

CVE

CVE-2017-12371

TITLE

Cisco WebEx Recorder and Player WRF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-17-937 // ZDI: ZDI-17-931

DESCRIPTION

A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf49650, CSCvg54853, CSCvg54856, CSCvf49697, CSCvg54861, CSCvf49707, CSCvg54867. Vendors have confirmed this vulnerability Bug ID CSCvf49650 , CSCvg54853 , CSCvg54856 , CSCvf49697 , CSCvg54861 , CSCvf49707 and CSCvg54867 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of ARF files. Crafted data in an ARF file can trigger access to memory prior to initialization. An attacker can leverage this vulnerability to execute code under the context of the current process. Multiple Cisco WebEx Products are prone to the following security vulnerabilities: 1. Multiple remote code-execution vulnerabilities 2. Failed exploit attempts will likely result in denial-of-service conditions. Cisco WebEx Business Suite (WBS30) client and so on are the client software of Cisco's video conferencing solution. The following products and versions are affected: Cisco WebEx Business Suite (WBS30) client builds prior to T30.20; WebEx Business Suite (WBS31) client builds prior to T31.14.1; WebEx Business Suite (WBS32) client builds prior to T32.2 versions before WebEx Meetings with client builds prior to T31.14; versions prior to WebEx Meeting Server builds 2.7MR3

Trust: 4.5

sources: NVD: CVE-2017-12371 // JVNDB: JVNDB-2017-010394 // ZDI: ZDI-17-930 // ZDI: ZDI-17-932 // ZDI: ZDI-17-937 // ZDI: ZDI-17-931 // BID: 102017 // VULHUB: VHN-102887

AFFECTED PRODUCTS

vendor:	cisco	model:	webex	scope:	-	version:	-	Trust: 2.8
vendor:	cisco	model:	webex meetings	scope:	eq	version:	t30	Trust: 1.6
vendor:	cisco	model:	webex meetings	scope:	eq	version:	t31	Trust: 1.6
vendor:	cisco	model:	webex business suite client	scope:	eq	version:	0	Trust: 0.9
vendor:	cisco	model:	webex meetings	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex meetings client	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	webex meeting server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	webex business suite client t31.10	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex business suite client t30.17	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings client t31.14	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meeting server 2.7mr3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	webex business suite client t32.2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	webex business suite client t31.14.1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	webex business suite client t30.20	scope:	ne	version:	-	Trust: 0.3

sources: ZDI: ZDI-17-930 // ZDI: ZDI-17-932 // ZDI: ZDI-17-937 // ZDI: ZDI-17-931 // BID: 102017 // JVNDB: JVNDB-2017-010394 // CNNVD: CNNVD-201711-1144 // NVD: CVE-2017-12371

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2017-12371
value:	MEDIUM
Trust: 2.8
nvd@nist.gov:	CVE-2017-12371
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-12371
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201711-1144
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-102887
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12371
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 4.6
VULHUB:	VHN-102887
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12371
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-17-930 // ZDI: ZDI-17-932 // ZDI: ZDI-17-937 // ZDI: ZDI-17-931 // VULHUB: VHN-102887 // JVNDB: JVNDB-2017-010394 // CNNVD: CNNVD-201711-1144 // NVD: CVE-2017-12371

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-102887 // JVNDB: JVNDB-2017-010394 // NVD: CVE-2017-12371

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1144

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201711-1144

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010394

PATCH

title:	cisco-sa-20171129-webex-players	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players	Trust: 3.6
title:	Multiple Cisco product WebEx Recording Format Player and Advanced Recording Format Player Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76799	Trust: 0.6

sources: ZDI: ZDI-17-930 // ZDI: ZDI-17-932 // ZDI: ZDI-17-937 // ZDI: ZDI-17-931 // JVNDB: JVNDB-2017-010394 // CNNVD: CNNVD-201711-1144

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12371	Trust: 5.7
db:	BID	id:	102017	Trust: 2.0
db:	SECTRACK	id:	1039895	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-010394	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-4914	Trust: 0.7
db:	ZDI	id:	ZDI-17-930	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5009	Trust: 0.7
db:	ZDI	id:	ZDI-17-932	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4986	Trust: 0.7
db:	ZDI	id:	ZDI-17-937	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4987	Trust: 0.7
db:	ZDI	id:	ZDI-17-931	Trust: 0.7
db:	CNNVD	id:	CNNVD-201711-1144	Trust: 0.7
db:	VULHUB	id:	VHN-102887	Trust: 0.1
db:	PACKETSTORM	id:	145176	Trust: 0.1

sources: ZDI: ZDI-17-930 // ZDI: ZDI-17-932 // ZDI: ZDI-17-937 // ZDI: ZDI-17-931 // VULHUB: VHN-102887 // BID: 102017 // JVNDB: JVNDB-2017-010394 // PACKETSTORM: 145176 // CNNVD: CNNVD-201711-1144 // NVD: CVE-2017-12371

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-webex-players	Trust: 4.8
url:	http://www.securityfocus.com/bid/102017	Trust: 1.7
url:	http://www.securitytracker.com/id/1039895	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12371	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12371	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12372	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12369	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12367	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12368	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12370	Trust: 0.1

CREDITS

Steven Seeley (mr_me) of Offensive Security

Trust: 2.8

sources: ZDI: ZDI-17-930 // ZDI: ZDI-17-932 // ZDI: ZDI-17-937 // ZDI: ZDI-17-931

SOURCES

db:	ZDI	id:	ZDI-17-930
db:	ZDI	id:	ZDI-17-932
db:	ZDI	id:	ZDI-17-937
db:	ZDI	id:	ZDI-17-931
db:	VULHUB	id:	VHN-102887
db:	BID	id:	102017
db:	JVNDB	id:	JVNDB-2017-010394
db:	PACKETSTORM	id:	145176
db:	CNNVD	id:	CNNVD-201711-1144
db:	NVD	id:	CVE-2017-12371

LAST UPDATE DATE

2024-11-23T22:22:21.840000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-17-930	date:	2017-12-06T00:00:00
db:	ZDI	id:	ZDI-17-932	date:	2017-12-06T00:00:00
db:	ZDI	id:	ZDI-17-937	date:	2017-12-06T00:00:00
db:	ZDI	id:	ZDI-17-931	date:	2017-12-06T00:00:00
db:	VULHUB	id:	VHN-102887	date:	2019-10-09T00:00:00
db:	BID	id:	102017	date:	2017-12-19T22:01:00
db:	JVNDB	id:	JVNDB-2017-010394	date:	2017-12-13T00:00:00
db:	CNNVD	id:	CNNVD-201711-1144	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12371	date:	2024-11-21T03:09:24.357

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-17-930	date:	2017-12-06T00:00:00
db:	ZDI	id:	ZDI-17-932	date:	2017-12-06T00:00:00
db:	ZDI	id:	ZDI-17-937	date:	2017-12-06T00:00:00
db:	ZDI	id:	ZDI-17-931	date:	2017-12-06T00:00:00
db:	VULHUB	id:	VHN-102887	date:	2017-11-30T00:00:00
db:	BID	id:	102017	date:	2017-11-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-010394	date:	2017-12-13T00:00:00
db:	PACKETSTORM	id:	145176	date:	2017-12-01T03:05:38
db:	CNNVD	id:	CNNVD-201711-1144	date:	2017-11-30T00:00:00
db:	NVD	id:	CVE-2017-12371	date:	2017-11-30T09:29:01.683