ID

VAR-201805-0522


CVE

CVE-2018-0287


TITLE

Cisco WebEx Network Recording Player for Advanced Recording Format Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004922

DESCRIPTION

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to a design flaw in the affected software. An attacker could exploit this vulnerability by sending a user an email attachment or link to a malicious ARF file and persuading the user to open the file or follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvh70213, CSCvh70222, CSCvh70228. Vendors have confirmed this vulnerability Bug ID CSCvh70213 , CSCvh70222 ,and CSCvh70228 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.98

sources: NVD: CVE-2018-0287 // JVNDB: JVNDB-2018-004922 // BID: 104128 // VULHUB: VHN-118489

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings onlinescope:eqversion:t32.7

Trust: 1.6

vendor:ciscomodel:webex meetings onlinescope:eqversion:t30

Trust: 1.6

vendor:ciscomodel:webex meetingsscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings server t30scope: - version: -

Trust: 0.3

vendor:ciscomodel:webex business suitescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex arf playerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:neversion:2.8.1.2039

Trust: 0.3

sources: BID: 104128 // JVNDB: JVNDB-2018-004922 // CNNVD: CNNVD-201805-074 // NVD: CVE-2018-0287

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0287
value: HIGH

Trust: 1.0

NVD: CVE-2018-0287
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201805-074
value: HIGH

Trust: 0.6

VULHUB: VHN-118489
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0287
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118489
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0287
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118489 // JVNDB: JVNDB-2018-004922 // CNNVD: CNNVD-201805-074 // NVD: CVE-2018-0287

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118489 // JVNDB: JVNDB-2018-004922 // NVD: CVE-2018-0287

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-074

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201805-074

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004922

PATCH

title:cisco-sa-20180502-webex-rceurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-rce

Trust: 0.8

title:Cisco WebEx Business Suite meeting sites , WebEx Meetings sites and WebEx Meetings Server Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79810

Trust: 0.6

sources: JVNDB: JVNDB-2018-004922 // CNNVD: CNNVD-201805-074

EXTERNAL IDS

db:NVDid:CVE-2018-0287

Trust: 2.8

db:BIDid:104128

Trust: 2.0

db:SECTRACKid:1040824

Trust: 1.7

db:JVNDBid:JVNDB-2018-004922

Trust: 0.8

db:CNNVDid:CNNVD-201805-074

Trust: 0.6

db:VULHUBid:VHN-118489

Trust: 0.1

sources: VULHUB: VHN-118489 // BID: 104128 // JVNDB: JVNDB-2018-004922 // CNNVD: CNNVD-201805-074 // NVD: CVE-2018-0287

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180502-webex-rce

Trust: 2.0

url:http://www.securityfocus.com/bid/104128

Trust: 1.7

url:http://www.securitytracker.com/id/1040824

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0287

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0287

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118489 // BID: 104128 // JVNDB: JVNDB-2018-004922 // CNNVD: CNNVD-201805-074 // NVD: CVE-2018-0287

CREDITS

Kushal Arvind Shah of Fortinet??s FortiGuard Labs

Trust: 0.3

sources: BID: 104128

SOURCES

db:VULHUBid:VHN-118489
db:BIDid:104128
db:JVNDBid:JVNDB-2018-004922
db:CNNVDid:CNNVD-201805-074
db:NVDid:CVE-2018-0287

LAST UPDATE DATE

2024-11-23T22:52:05.360000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-118489date:2019-10-09T00:00:00
db:BIDid:104128date:2018-05-02T00:00:00
db:JVNDBid:JVNDB-2018-004922date:2018-06-29T00:00:00
db:CNNVDid:CNNVD-201805-074date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0287date:2024-11-21T03:37:54.010

SOURCES RELEASE DATE

db:VULHUBid:VHN-118489date:2018-05-02T00:00:00
db:BIDid:104128date:2018-05-02T00:00:00
db:JVNDBid:JVNDB-2018-004922date:2018-06-29T00:00:00
db:CNNVDid:CNNVD-201805-074date:2018-05-03T00:00:00
db:NVDid:CVE-2018-0287date:2018-05-02T22:29:01.323