Sign-up

ID

VAR-201801-1054


CVE

CVE-2018-0103


TITLE

Cisco WebEx Network Recording Player Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001271

DESCRIPTION

A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839. Vendors have confirmed this vulnerability Bug ID CSCvg78835 , CSCvg78837 ,and CSCvg78839 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Crafted data in an ARF file can trigger an overflow of a heap-based buffer. Attackers can exploit this issue to cause a denial-of-service condition. WebEx ARF player is one of the media players mainly used to play WebEx recording files in ARF format

Trust: 2.61

sources: NVD: CVE-2018-0103 // JVNDB: JVNDB-2018-001271 // ZDI: ZDI-18-007 // BID: 102369 // VULHUB: VHN-118305

AFFECTED PRODUCTS

vendor:ciscomodel:webex business suitescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meetingsscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex network recording playerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex business suitescope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetingsscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex network recording playerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webexscope: - version: -

Trust: 0.7

vendor:ciscomodel:webex network recording playerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.7

Trust: 0.3

vendor:ciscomodel:webex meetings t31scope: - version: -

Trust: 0.3

vendor:ciscomodel:webex meetings t30scope: - version: -

Trust: 0.3

vendor:ciscomodel:webex business suitescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex meetings t32.9scope:neversion: -

Trust: 0.3

vendor:ciscomodel:webex meetings t32scope:neversion: -

Trust: 0.3

vendor:ciscomodel:webex meetings t31.20.2scope:neversion: -

Trust: 0.3

sources: ZDI: ZDI-18-007 // BID: 102369 // JVNDB: JVNDB-2018-001271 // CNNVD: CNNVD-201801-206 // NVD: CVE-2018-0103

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0103
value: HIGH

Trust: 1.0

NVD: CVE-2018-0103
value: HIGH

Trust: 0.8

ZDI: CVE-2018-0103
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201801-206
value: HIGH

Trust: 0.6

VULHUB: VHN-118305
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0103
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2018-0103
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

ZDI: CVE-2018-0103
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-118305
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0103
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2018-0103
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-18-007 // VULHUB: VHN-118305 // JVNDB: JVNDB-2018-001271 // CNNVD: CNNVD-201801-206 // NVD: CVE-2018-0103

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-118305 // JVNDB: JVNDB-2018-001271 // NVD: CVE-2018-0103

THREAT TYPE

local

Trust: 0.9

sources: BID: 102369 // CNNVD: CNNVD-201801-206

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201801-206

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001271

PATCH
title:cisco-sa-20180103-wnrpurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-wnrp
Trust: 1.5
title:Multiple Cisco product WebEx ARF player Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77521
Trust: 0.6
sources:
            
            
            ZDI: ZDI-18-007 // 
            
            
            
            JVNDB: JVNDB-2018-001271 // 
            
            
            
            CNNVD: CNNVD-201801-206

EXTERNAL IDS
db:NVDid:CVE-2018-0103
Trust: 3.5
db:BIDid:102369
Trust: 2.0
db:JVNDBid:JVNDB-2018-001271
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-4913
Trust: 0.7
db:ZDIid:ZDI-18-007
Trust: 0.7
db:CNNVDid:CNNVD-201801-206
Trust: 0.7
db:VULHUBid:VHN-118305
Trust: 0.1
sources:
            
            
            ZDI: ZDI-18-007 // 
            
            
            
            VULHUB: VHN-118305 // 
            
            
            
            BID: 102369 // 
            
            
            
            JVNDB: JVNDB-2018-001271 // 
            
            
            
            CNNVD: CNNVD-201801-206 // 
            
            
            
            NVD: CVE-2018-0103

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180103-wnrp
Trust: 2.7
url:http://www.securityfocus.com/bid/102369
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0103
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0103
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            ZDI: ZDI-18-007 // 
            
            
            
            VULHUB: VHN-118305 // 
            
            
            
            BID: 102369 // 
            
            
            
            JVNDB: JVNDB-2018-001271 // 
            
            
            
            CNNVD: CNNVD-201801-206 // 
            
            
            
            NVD: CVE-2018-0103

CREDITS
Steven Seeley (mr_me) of Offensive Security
Trust: 0.7
sources:
            
            
            ZDI: ZDI-18-007

SOURCES
db:ZDIid:ZDI-18-007
db:VULHUBid:VHN-118305
db:BIDid:102369
db:JVNDBid:JVNDB-2018-001271
db:CNNVDid:CNNVD-201801-206
db:NVDid:CVE-2018-0103

LAST UPDATE DATE
2024-11-23T23:08:48.242000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-18-007date:2018-01-03T00:00:00
db:VULHUBid:VHN-118305date:2019-10-09T00:00:00
db:BIDid:102369date:2018-01-03T00:00:00
db:JVNDBid:JVNDB-2018-001271date:2018-02-05T00:00:00
db:CNNVDid:CNNVD-201801-206date:2019-08-14T00:00:00
db:NVDid:CVE-2018-0103date:2024-11-21T03:37:31.613

SOURCES RELEASE DATE
db:ZDIid:ZDI-18-007date:2018-01-03T00:00:00
db:VULHUBid:VHN-118305date:2018-01-04T00:00:00
db:BIDid:102369date:2018-01-03T00:00:00
db:JVNDBid:JVNDB-2018-001271date:2018-02-05T00:00:00
db:CNNVDid:CNNVD-201801-206date:2018-01-05T00:00:00
db:NVDid:CVE-2018-0103date:2018-01-04T06:29:00.340