Details of VAR-201805-0499

ID

VAR-201805-0499

CVE

CVE-2018-0264

TITLE

plural Cisco Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-004904

DESCRIPTION

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. The following client builds of Cisco WebEx Business Suite (WBS31 and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4, Cisco WebEx Business Suite (WBS32) client builds prior to T32.12, Cisco WebEx Meetings with client builds prior to T32.12, Cisco WebEx Meeting Server builds prior to 3.0 Patch 1. Cisco Bug IDs: CSCvh85410, CSCvh85430, CSCvh85440, CSCvh85442, CSCvh85453, CSCvh85457. plural Cisco The product contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvh85410 , CSCvh85430 , CSCvh85440 , CSCvh85442 , CSCvh85453 ,and CSCvh85457 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WebEx ARF player is one of the players, which is mainly used to play WebEx recording files in ARF format

Trust: 2.07

sources: NVD: CVE-2018-0264 // JVNDB: JVNDB-2018-004904 // BID: 104073 // VULHUB: VHN-118466 // VULMON: CVE-2018-0264

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meeting server	scope:	lt	version:	3.0	Trust: 1.0
vendor:	cisco	model:	webex business suite 32	scope:	lt	version:	t31.23.4	Trust: 1.0
vendor:	cisco	model:	webex business suite 31	scope:	lt	version:	t32.12	Trust: 1.0
vendor:	cisco	model:	webex meetings	scope:	lt	version:	t32.12	Trust: 1.0
vendor:	cisco	model:	webex business suite	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex meetings	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex meetings server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex meetings	scope:	eq	version:	8.0_base	Trust: 0.6
vendor:	cisco	model:	webex network recording player	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.8	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.7	Trust: 0.3
vendor:	cisco	model:	webex meetings online t31.20	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings online t31	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings client t31.14	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex business suite client t32.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex business suite client t32.10	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex business suite client t31.23.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex business suite client t31.14.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex business suite client t31.10	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings server patch	scope:	ne	version:	3.01	Trust: 0.3
vendor:	cisco	model:	webex meetings client t32.12	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	webex business suite client t32.12	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	webex business suite client t31.23.4	scope:	ne	version:	-	Trust: 0.3

sources: BID: 104073 // JVNDB: JVNDB-2018-004904 // CNNVD: CNNVD-201805-080 // NVD: CVE-2018-0264

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0264
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-0264
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201805-080
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-118466
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-0264
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0264
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-118466
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0264
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118466 // VULMON: CVE-2018-0264 // JVNDB: JVNDB-2018-004904 // CNNVD: CNNVD-201805-080 // NVD: CVE-2018-0264

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-118466 // JVNDB: JVNDB-2018-004904 // NVD: CVE-2018-0264

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-080

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 104073 // CNNVD: CNNVD-201805-080

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004904

PATCH

title:	cisco-sa-20180502-war	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-war	Trust: 0.8
title:	Cisco WebEx Business Suite meeting sites , WebEx Meetings sites and WebEx Meetings Server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79816	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2018/05/03/cisco_patches_may_2/	Trust: 0.2
title:	Cisco: Cisco WebEx Advanced Recording Format Remote Code Execution Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180502-war	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/critical-cisco-webex-bug-allows-remote-code-execution/131657/	Trust: 0.1

sources: VULMON: CVE-2018-0264 // JVNDB: JVNDB-2018-004904 // CNNVD: CNNVD-201805-080

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0264	Trust: 2.9
db:	BID	id:	104073	Trust: 2.1
db:	JVNDB	id:	JVNDB-2018-004904	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-080	Trust: 0.6
db:	VULHUB	id:	VHN-118466	Trust: 0.1
db:	VULMON	id:	CVE-2018-0264	Trust: 0.1

sources: VULHUB: VHN-118466 // VULMON: CVE-2018-0264 // BID: 104073 // JVNDB: JVNDB-2018-004904 // CNNVD: CNNVD-201805-080 // NVD: CVE-2018-0264

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180502-war	Trust: 2.2
url:	http://www.securityfocus.com/bid/104073	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0264	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0264	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/critical-cisco-webex-bug-allows-remote-code-execution/131657/	Trust: 0.1

sources: VULHUB: VHN-118466 // VULMON: CVE-2018-0264 // BID: 104073 // JVNDB: JVNDB-2018-004904 // CNNVD: CNNVD-201805-080 // NVD: CVE-2018-0264

CREDITS

Kushal Arvind Shah of Fortinet??s FortiGuard Labs

Trust: 0.3

sources: BID: 104073

SOURCES

db:	VULHUB	id:	VHN-118466
db:	VULMON	id:	CVE-2018-0264
db:	BID	id:	104073
db:	JVNDB	id:	JVNDB-2018-004904
db:	CNNVD	id:	CNNVD-201805-080
db:	NVD	id:	CVE-2018-0264

LAST UPDATE DATE

2024-11-23T22:55:53.289000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118466	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2018-0264	date:	2019-10-09T00:00:00
db:	BID	id:	104073	date:	2018-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-004904	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-080	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0264	date:	2024-11-21T03:37:50.560

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118466	date:	2018-05-02T00:00:00
db:	VULMON	id:	CVE-2018-0264	date:	2018-05-02T00:00:00
db:	BID	id:	104073	date:	2018-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-004904	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-080	date:	2018-05-03T00:00:00
db:	NVD	id:	CVE-2018-0264	date:	2018-05-02T22:29:00.903