ID

VAR-201804-0660


CVE

CVE-2018-0112


TITLE

Input validation vulnerability in multiple Cisco WebEx products

Trust: 0.8

sources: JVNDB: JVNDB-2018-004272

DESCRIPTION

A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client. Exploitation of this vulnerability could allow arbitrary code execution on the system of a targeted user. This affects the clients installed by customers when accessing a WebEx meeting. The following client builds of Cisco WebEx Business Suite (WBS30, WBS31, and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are impacted: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.2, Cisco WebEx Business Suite (WBS32) client builds prior to T32.10, Cisco WebEx Meetings with client builds prior to T32.10, Cisco WebEx Meetings Server builds prior to 2.8 MR2. Cisco Bug IDs: CSCvg19384, CSCvi10746. The vendor has released this vulnerability as Bug IDs CSCvg19384 and CSCvi10746. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Failed exploit attempts will likely cause a denial-of-service condition. Successful exploitation could potentially allow an attacker to take control of the affected system.

Trust: 2.07

sources: NVD: CVE-2018-0112 // JVNDB: JVNDB-2018-004272 // BID: 103920 // VULHUB: VHN-118314 // VULMON: CVE-2018-0112

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings server, scope: eq, version: 2.8

Trust: 1.9

vendor: cisco, model: webex meetings server, scope: eq, version: 2.7

Trust: 1.9

vendor: cisco, model: webex meetings, scope: eq, version: t31

Trust: 1.6

vendor: cisco, model: webex meetings server, scope: eq, version: 3.0

Trust: 1.6

vendor: cisco, model: webex business suite 32, scope: lt, version: t32.10

Trust: 1.0

vendor: cisco, model: webex business suite 31, scope: lt, version: t31.23.2

Trust: 1.0

vendor: cisco, model: webex business suite, scope: -, version: -

Trust: 0.8

vendor: cisco, model: webex meetings, scope: -, version: -

Trust: 0.8

vendor: cisco, model: webex meetings server, scope: -, version: -

Trust: 0.8

vendor: cisco, model: webex business suite client, scope: eq, version: 0

Trust: 0.6

vendor: cisco, model: webex meetings server 2.7mr2 sp, scope: eq, version: 6

Trust: 0.3

vendor: cisco, model: webex meetings server, scope: eq, version: 2.7.1.3047

Trust: 0.3

vendor: cisco, model: webex meetings server 2.6mr3 sp, scope: eq, version: 4

Trust: 0.3

vendor: cisco, model: webex meetings server, scope: eq, version: 2.6.1.30

Trust: 0.3

vendor: cisco, model: webex meetings server, scope: eq, version: 2.6.0.8

Trust: 0.3

vendor: cisco, model: webex meetings server, scope: eq, version: 2.6

Trust: 0.3

vendor: cisco, model: webex meetings server 2.5mr6 patch, scope: eq, version: 6

Trust: 0.3

vendor: cisco, model: webex meetings server 2.5mr2, scope: -, version: -

Trust: 0.3

vendor: cisco, model: webex meetings server, scope: eq, version: 2.5.99.2

Trust: 0.3

vendor: cisco, model: webex meetings server, scope: eq, version: 2.5.1.5

Trust: 0.3

vendor: cisco, model: webex meetings server, scope: eq, version: 2.5.0.997

Trust: 0.3

vendor: cisco, model: webex meetings server mr1, scope: eq, version: 2.5

Trust: 0.3

vendor: cisco, model: webex meetings server base, scope: eq, version: 2.5

Trust: 0.3

vendor: cisco, model: webex meetings server, scope: eq, version: 2.5

Trust: 0.3

vendor: cisco, model: webex meetings server 2.0mr2, scope: -, version: -

Trust: 0.3

vendor: cisco, model: webex meetings server, scope: eq, version: 2.0

Trust: 0.3

vendor: cisco, model: webex meetings server, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: webex meetings client t31.14, scope: -, version: -

Trust: 0.3

vendor: cisco, model: webex meetings client, scope: eq, version: 1.5.1.6

Trust: 0.3

vendor: cisco, model: webex meetings client, scope: eq, version: 1.5.1.131

Trust: 0.3

vendor: cisco, model: webex meetings client, scope: eq, version: 1.5

Trust: 0.3

vendor: cisco, model: webex meetings client, scope: eq, version: 1.1

Trust: 0.3

vendor: cisco, model: webex meetings client, scope: eq, version: 1.0

Trust: 0.3

vendor: cisco, model: webex meetings client, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: webex business suite client t32.10, scope: -, version: -

Trust: 0.3

vendor: cisco, model: webex business suite client t31.14.1, scope: -, version: -

Trust: 0.3

vendor: cisco, model: webex business suite client t31.10, scope: -, version: -

Trust: 0.3

vendor: cisco, model: webex meetings with client t32.10, scope: ne, version: -

Trust: 0.3

vendor: cisco, model: webex meetings server mr2, scope: ne, version: 2.8

Trust: 0.3

vendor: cisco, model: webex business suite client t32.2, scope: ne, version: -

Trust: 0.3

vendor: cisco, model: webex business suite client t31.23.2, scope: ne, version: -

Trust: 0.3

sources: BID: 103920 // JVNDB: JVNDB-2018-004272 // CNNVD: CNNVD-201804-1112 // NVD: CVE-2018-0112

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0112
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0112
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201804-1112
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118314
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-0112
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0112
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118314
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0112
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118314 // VULMON: CVE-2018-0112 // JVNDB: JVNDB-2018-004272 // CNNVD: CNNVD-201804-1112 // NVD: CVE-2018-0112

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118314 // JVNDB: JVNDB-2018-004272 // NVD: CVE-2018-0112

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1112

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 103920 // CNNVD: CNNVD-201804-1112

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004272

PATCH

title: cisco-sa-20180418-wbs, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs

Trust: 0.8

title: Multiple Cisco Fixes for product input validation vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81407

Trust: 0.6

title: The Register, url: https://www.theregister.co.uk/2018/05/03/cisco_patches_may_2/

Trust: 0.2

title: The Register, url: https://www.theregister.co.uk/2018/04/19/cisco_patch_webex/

Trust: 0.2

title: Cisco: Cisco WebEx Clients Remote Code Execution Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180418-wbs

Trust: 0.1

title: Threatpost, url: https://threatpost.com/critical-cisco-webex-bug-allows-remote-code-execution/131657/

Trust: 0.1

title: welivesecurity, url: https://www.welivesecurity.com/2018/04/23/firms-using-webex-risk-poisoned-flash-attacks/

Trust: 0.1

sources: VULMON: CVE-2018-0112 // JVNDB: JVNDB-2018-004272 // CNNVD: CNNVD-201804-1112

EXTERNAL IDS

db: NVD, id: CVE-2018-0112

Trust: 2.9

db: BID, id: 103920

Trust: 2.1

db: SECTRACK, id: 1040709

Trust: 1.8

db: JVNDB, id: JVNDB-2018-004272

Trust: 0.8

db: CNNVD, id: CNNVD-201804-1112

Trust: 0.6

db: VULHUB, id: VHN-118314

Trust: 0.1

db: VULMON, id: CVE-2018-0112

Trust: 0.1

sources: VULHUB: VHN-118314 // VULMON: CVE-2018-0112 // BID: 103920 // JVNDB: JVNDB-2018-004272 // CNNVD: CNNVD-201804-1112 // NVD: CVE-2018-0112

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-wbs

Trust: 2.2

url:http://www.securityfocus.com/bid/103920

Trust: 1.9

url:http://www.securitytracker.com/id/1040709

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0112

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0112

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/critical-cisco-webex-bug-allows-remote-code-execution/131657/

Trust: 0.1

sources: VULHUB: VHN-118314 // VULMON: CVE-2018-0112 // BID: 103920 // JVNDB: JVNDB-2018-004272 // CNNVD: CNNVD-201804-1112 // NVD: CVE-2018-0112

CREDITS

Alexandros Zacharis of ENISA.

Trust: 0.3

sources: BID: 103920

SOURCES

db: VULHUB, id: VHN-118314
db: VULMON, id: CVE-2018-0112
db: BID, id: 103920
db: JVNDB, id: JVNDB-2018-004272
db: CNNVD, id: CNNVD-201804-1112
db: NVD, id: CVE-2018-0112

LAST UPDATE DATE

2024-11-23T22:34:18.216000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118314, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2018-0112, date: 2019-10-09T00:00:00
db: BID, id: 103920, date: 2018-04-18T00:00:00
db: JVNDB, id: JVNDB-2018-004272, date: 2018-06-15T00:00:00
db: CNNVD, id: CNNVD-201804-1112, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0112, date: 2024-11-21T03:37:32.720

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118314, date: 2018-04-19T00:00:00
db: VULMON, id: CVE-2018-0112, date: 2018-04-19T00:00:00
db: BID, id: 103920, date: 2018-04-18T00:00:00
db: JVNDB, id: JVNDB-2018-004272, date: 2018-06-15T00:00:00
db: CNNVD, id: CNNVD-201804-1112, date: 2018-04-19T00:00:00
db: NVD, id: CVE-2018-0112, date: 2018-04-19T20:29:00.253