Details of VAR-201805-0523

ID

VAR-201805-0523

CVE

CVE-2018-0288

TITLE

Cisco WebEx Recorder and Player WRF File Length Field Out-Of-Bounds Read Information Disclosure Vulnerability

Trust: 1.4

sources: ZDI: ZDI-18-425 // ZDI: ZDI-18-424

DESCRIPTION

A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WRF Player. An attacker could exploit this vulnerability by utilizing a maliciously crafted file that could bypass checks in the code and enable an attacker to read memory from outside the bounds of the mapped file. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCvh89107, CSCvh89113, CSCvh89132, CSCvh89142. Vendors have confirmed this vulnerability Bug ID CSCvh89107 , CSCvh89113 , CSCvh89132 ,and CSCvh89142 It is released as.Information may be obtained. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of WRF files. Crafted data in a WRF file can trigger a read past the end of a mapped view of a file. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process

Trust: 3.24

sources: NVD: CVE-2018-0288 // JVNDB: JVNDB-2018-004923 // ZDI: ZDI-18-425 // ZDI: ZDI-18-424 // BID: 104091 // VULHUB: VHN-118490

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings online	scope:	eq	version:	t31.20	Trust: 1.6
vendor:	cisco	model:	webex meetings online	scope:	eq	version:	t31.20.2	Trust: 1.6
vendor:	cisco	model:	webex	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	webex meetings	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex wrf player	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	webex meetings	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	webex business suite	scope:	eq	version:	0	Trust: 0.3

sources: ZDI: ZDI-18-425 // ZDI: ZDI-18-424 // BID: 104091 // JVNDB: JVNDB-2018-004923 // CNNVD: CNNVD-201805-073 // NVD: CVE-2018-0288

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2018-0288
value:	LOW
Trust: 1.4
nvd@nist.gov:	CVE-2018-0288
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0288
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201805-073
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118490
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0288
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2018-0288
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.4
VULHUB:	VHN-118490
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0288
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0288
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: ZDI: ZDI-18-425 // ZDI: ZDI-18-424 // VULHUB: VHN-118490 // JVNDB: JVNDB-2018-004923 // CNNVD: CNNVD-201805-073 // NVD: CVE-2018-0288

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-118490 // JVNDB: JVNDB-2018-004923 // NVD: CVE-2018-0288

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-073

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201805-073

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004923

PATCH

title:	Cisco has issued an update to correct this vulnerability.	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-id	Trust: 1.4
title:	cisco-sa-20180502-webex-id	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-id#vp	Trust: 0.8
title:	Cisco WebEx Business Suite meeting sites and WebEx Meetings sites WebEx Recording Format Player Information disclosure vulnerability Repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79809	Trust: 0.6

sources: ZDI: ZDI-18-425 // ZDI: ZDI-18-424 // JVNDB: JVNDB-2018-004923 // CNNVD: CNNVD-201805-073

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0288	Trust: 4.2
db:	BID	id:	104091	Trust: 2.0
db:	SECTRACK	id:	1040825	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-004923	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5599	Trust: 0.7
db:	ZDI	id:	ZDI-18-425	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5598	Trust: 0.7
db:	ZDI	id:	ZDI-18-424	Trust: 0.7
db:	CNNVD	id:	CNNVD-201805-073	Trust: 0.7
db:	VULHUB	id:	VHN-118490	Trust: 0.1

sources: ZDI: ZDI-18-425 // ZDI: ZDI-18-424 // VULHUB: VHN-118490 // BID: 104091 // JVNDB: JVNDB-2018-004923 // CNNVD: CNNVD-201805-073 // NVD: CVE-2018-0288

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180502-webex-id	Trust: 3.4
url:	http://www.securityfocus.com/bid/104091	Trust: 1.7
url:	http://www.securitytracker.com/id/1040825	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0288	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0288	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: ZDI: ZDI-18-425 // ZDI: ZDI-18-424 // VULHUB: VHN-118490 // BID: 104091 // JVNDB: JVNDB-2018-004923 // CNNVD: CNNVD-201805-073 // NVD: CVE-2018-0288

CREDITS

Anonymous

Trust: 1.4

sources: ZDI: ZDI-18-425 // ZDI: ZDI-18-424

SOURCES

db:	ZDI	id:	ZDI-18-425
db:	ZDI	id:	ZDI-18-424
db:	VULHUB	id:	VHN-118490
db:	BID	id:	104091
db:	JVNDB	id:	JVNDB-2018-004923
db:	CNNVD	id:	CNNVD-201805-073
db:	NVD	id:	CVE-2018-0288

LAST UPDATE DATE

2024-11-23T21:38:58.124000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-425	date:	2018-05-14T00:00:00
db:	ZDI	id:	ZDI-18-424	date:	2018-05-14T00:00:00
db:	VULHUB	id:	VHN-118490	date:	2020-09-04T00:00:00
db:	BID	id:	104091	date:	2018-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-004923	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-073	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0288	date:	2024-11-21T03:37:54.153

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-18-425	date:	2018-05-14T00:00:00
db:	ZDI	id:	ZDI-18-424	date:	2018-05-14T00:00:00
db:	VULHUB	id:	VHN-118490	date:	2018-05-02T00:00:00
db:	BID	id:	104091	date:	2018-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-004923	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-073	date:	2018-05-03T00:00:00
db:	NVD	id:	CVE-2018-0288	date:	2018-05-02T22:29:01.387