Sign-up

ID

VAR-201807-0426


CVE

CVE-2018-0379


TITLE

Cisco WebEx Network Recording Player NBRQA Integer Overflow Remote Code Execution Vulnerability

Trust: 3.5

sources: ZDI: ZDI-18-973 // ZDI: ZDI-18-977 // ZDI: ZDI-18-974 // ZDI: ZDI-18-976 // ZDI: ZDI-18-975

DESCRIPTION

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could allow arbitrary code execution on the system of a targeted user. These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server. Cisco Bug IDs: CSCvi02621, CSCvi02965, CSCvi63329, CSCvi63333, CSCvi63335, CSCvi63374, CSCvi63376, CSCvi63377, CSCvi63391, CSCvi63392, CSCvi63396, CSCvi63495, CSCvi63497, CSCvi63498, CSCvi82684, CSCvi82700, CSCvi82705, CSCvi82725, CSCvi82737, CSCvi82742, CSCvi82760, CSCvi82771, CSCvj51284, CSCvj51294. Vendors have confirmed this vulnerability Bug IDs: CSCvi02621 , CSCvi02965 , CSCvi63329 , CSCvi63333 , CSCvi63335 , CSCvi63374 , CSCvi63376 , CSCvi63377 , CSCvi63391 , CSCvi63392 , CSCvi63396 , CSCvi63495 , CSCvi63497 , CSCvi63498 , CSCvi82684 , CSCvi82700 , CSCvi82705 , CSCvi82725 , CSCvi82737 , CSCvi82742 , CSCvi82760 , CSCvi82771 , CSCvj51284 , CSCvj51294 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. When parsing an ARF file, the process does not properly validate the length of user-supplied data prior to copying it to a heap-based buffer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of WRF files. Crafted data can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process

Trust: 9.54

sources: NVD: CVE-2018-0379 // JVNDB: JVNDB-2018-009077 // ZDI: ZDI-18-973 // ZDI: ZDI-18-977 // ZDI: ZDI-18-968 // ZDI: ZDI-18-970 // ZDI: ZDI-18-967 // ZDI: ZDI-18-974 // ZDI: ZDI-18-969 // ZDI: ZDI-18-972 // ZDI: ZDI-18-978 // ZDI: ZDI-18-976 // ZDI: ZDI-18-971 // ZDI: ZDI-18-975 // BID: 104853 // VULHUB: VHN-118581

AFFECTED PRODUCTS

vendor:ciscomodel:webexscope: - version: -

Trust: 8.4

vendor:ciscomodel:webex business suitescope:eqversion:32.15

Trust: 1.6

vendor:ciscomodel:webex meeting serverscope:eqversion:3.0

Trust: 1.6

vendor:ciscomodel:webex meetings onlinescope:eqversion:1.3.35

Trust: 1.6

vendor:ciscomodel:webex business suitescope:eqversion:31.23

Trust: 1.6

vendor:ciscomodel:webex business suitescope:eqversion:33.2

Trust: 1.6

vendor:ciscomodel:webex business suitescope:eqversion:33.1.1

Trust: 1.6

vendor:ciscomodel:webex business suitescope:eqversion:33.0.6

Trust: 1.6

vendor:ciscomodel:webex business suitescope:gteversion:33.0

Trust: 1.0

vendor:ciscomodel:webex business suitescope:gteversion:32.0

Trust: 1.0

vendor:ciscomodel:webex meetings onlinescope:ltversion:1.3.35

Trust: 1.0

vendor:ciscomodel:webex business suitescope:lteversion:33.2

Trust: 1.0

vendor:ciscomodel:webex business suitescope:gteversion:31.0

Trust: 1.0

vendor:ciscomodel:webex business suitescope:ltversion:32.15

Trust: 1.0

vendor:ciscomodel:webex business suitescope:lteversion:31.23

Trust: 1.0

vendor:ciscomodel:webex business suitescope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetingsscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex network recording playerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex meetings suitescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:3.0

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.8.1.2039

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.8.1.1034

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.8.1.1023

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.8.1.1019

Trust: 0.3

vendor:ciscomodel:webex meetings server spscope:eqversion:2.81

Trust: 0.3

vendor:ciscomodel:webex meetings server mr2scope:eqversion:2.8

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.8

Trust: 0.3

vendor:ciscomodel:webex meetings server 2.7mr2 spscope:eqversion:6

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.7.1.3047

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.7

Trust: 0.3

vendor:ciscomodel:webex meetings server 2.6mr3 spscope:eqversion:4

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.6.1.30

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.6.0.8

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.6

Trust: 0.3

vendor:ciscomodel:webex meetings server 2.5mr6 patchscope:eqversion:6

Trust: 0.3

vendor:ciscomodel:webex meetings server 2.5mr2scope: - version: -

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5.99.2

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5.1.5

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5.0.997

Trust: 0.3

vendor:ciscomodel:webex meetings server mr1scope:eqversion:2.5

Trust: 0.3

vendor:ciscomodel:webex meetings server basescope:eqversion:2.5

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5

Trust: 0.3

vendor:ciscomodel:webex meetings server 2.0mr2scope: - version: -

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex meetings online t32scope: - version: -

Trust: 0.3

vendor:ciscomodel:webex meetings online t31.20scope: - version: -

Trust: 0.3

vendor:ciscomodel:webex meetings online t31scope: - version: -

Trust: 0.3

vendor:ciscomodel:webex meetings onlinescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex meetings suite wbs33.2scope:neversion: -

Trust: 0.3

vendor:ciscomodel:webex meetings suite wbs32.15scope:neversion: -

Trust: 0.3

vendor:ciscomodel:webex meetings suite wbs31.23scope:neversion: -

Trust: 0.3

vendor:ciscomodel:webex meetings server 3.0mr1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:webex meetings onlinescope:neversion:1.3.35

Trust: 0.3

sources: ZDI: ZDI-18-973 // ZDI: ZDI-18-977 // ZDI: ZDI-18-968 // ZDI: ZDI-18-970 // ZDI: ZDI-18-967 // ZDI: ZDI-18-974 // ZDI: ZDI-18-969 // ZDI: ZDI-18-972 // ZDI: ZDI-18-978 // ZDI: ZDI-18-976 // ZDI: ZDI-18-971 // ZDI: ZDI-18-975 // BID: 104853 // JVNDB: JVNDB-2018-009077 // CNNVD: CNNVD-201807-1295 // NVD: CVE-2018-0379

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2018-0379
value: MEDIUM

Trust: 8.4

nvd@nist.gov: CVE-2018-0379
value: HIGH

Trust: 1.0

NVD: CVE-2018-0379
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-1295
value: HIGH

Trust: 0.6

VULHUB: VHN-118581
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0379
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 5.3

ZDI: CVE-2018-0379
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 4.9

VULHUB: VHN-118581
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0379
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-18-973 // ZDI: ZDI-18-977 // ZDI: ZDI-18-968 // ZDI: ZDI-18-970 // ZDI: ZDI-18-967 // ZDI: ZDI-18-974 // ZDI: ZDI-18-969 // ZDI: ZDI-18-972 // ZDI: ZDI-18-978 // ZDI: ZDI-18-976 // ZDI: ZDI-18-971 // ZDI: ZDI-18-975 // VULHUB: VHN-118581 // JVNDB: JVNDB-2018-009077 // CNNVD: CNNVD-201807-1295 // NVD: CVE-2018-0379

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-118581 // JVNDB: JVNDB-2018-009077 // NVD: CVE-2018-0379

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-1295

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201807-1295

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009077

PATCH
title:cisco-sa-20180718-webex-rceurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-rce
Trust: 9.2
title:Cisco Webex Network Recording Player Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82196
Trust: 0.6
sources:
            
            
            ZDI: ZDI-18-973 // 
            
            
            
            ZDI: ZDI-18-977 // 
            
            
            
            ZDI: ZDI-18-968 // 
            
            
            
            ZDI: ZDI-18-970 // 
            
            
            
            ZDI: ZDI-18-967 // 
            
            
            
            ZDI: ZDI-18-974 // 
            
            
            
            ZDI: ZDI-18-969 // 
            
            
            
            ZDI: ZDI-18-972 // 
            
            
            
            ZDI: ZDI-18-978 // 
            
            
            
            ZDI: ZDI-18-976 // 
            
            
            
            ZDI: ZDI-18-971 // 
            
            
            
            ZDI: ZDI-18-975 // 
            
            
            
            JVNDB: JVNDB-2018-009077 // 
            
            
            
            CNNVD: CNNVD-201807-1295

EXTERNAL IDS
db:NVDid:CVE-2018-0379
Trust: 11.2
db:BIDid:104853
Trust: 2.0
db:SECTRACKid:1041347
Trust: 1.7
db:JVNDBid:JVNDB-2018-009077
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-5720
Trust: 0.7
db:ZDIid:ZDI-18-973
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5724
Trust: 0.7
db:ZDIid:ZDI-18-977
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5600
Trust: 0.7
db:ZDIid:ZDI-18-968
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5703
Trust: 0.7
db:ZDIid:ZDI-18-970
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5593
Trust: 0.7
db:ZDIid:ZDI-18-967
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5723
Trust: 0.7
db:ZDIid:ZDI-18-974
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5601
Trust: 0.7
db:ZDIid:ZDI-18-969
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5705
Trust: 0.7
db:ZDIid:ZDI-18-972
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5972
Trust: 0.7
db:ZDIid:ZDI-18-978
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5722
Trust: 0.7
db:ZDIid:ZDI-18-976
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5704
Trust: 0.7
db:ZDIid:ZDI-18-971
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5721
Trust: 0.7
db:ZDIid:ZDI-18-975
Trust: 0.7
db:CNNVDid:CNNVD-201807-1295
Trust: 0.7
db:VULHUBid:VHN-118581
Trust: 0.1
sources:
            
            
            ZDI: ZDI-18-973 // 
            
            
            
            ZDI: ZDI-18-977 // 
            
            
            
            ZDI: ZDI-18-968 // 
            
            
            
            ZDI: ZDI-18-970 // 
            
            
            
            ZDI: ZDI-18-967 // 
            
            
            
            ZDI: ZDI-18-974 // 
            
            
            
            ZDI: ZDI-18-969 // 
            
            
            
            ZDI: ZDI-18-972 // 
            
            
            
            ZDI: ZDI-18-978 // 
            
            
            
            ZDI: ZDI-18-976 // 
            
            
            
            ZDI: ZDI-18-971 // 
            
            
            
            ZDI: ZDI-18-975 // 
            
            
            
            VULHUB: VHN-118581 // 
            
            
            
            BID: 104853 // 
            
            
            
            JVNDB: JVNDB-2018-009077 // 
            
            
            
            CNNVD: CNNVD-201807-1295 // 
            
            
            
            NVD: CVE-2018-0379

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180718-webex-rce
Trust: 10.4
url:http://www.securityfocus.com/bid/104853
Trust: 1.7
url:http://www.securitytracker.com/id/1041347
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0379
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0379
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            ZDI: ZDI-18-973 // 
            
            
            
            ZDI: ZDI-18-977 // 
            
            
            
            ZDI: ZDI-18-968 // 
            
            
            
            ZDI: ZDI-18-970 // 
            
            
            
            ZDI: ZDI-18-967 // 
            
            
            
            ZDI: ZDI-18-974 // 
            
            
            
            ZDI: ZDI-18-969 // 
            
            
            
            ZDI: ZDI-18-972 // 
            
            
            
            ZDI: ZDI-18-978 // 
            
            
            
            ZDI: ZDI-18-976 // 
            
            
            
            ZDI: ZDI-18-971 // 
            
            
            
            ZDI: ZDI-18-975 // 
            
            
            
            VULHUB: VHN-118581 // 
            
            
            
            BID: 104853 // 
            
            
            
            JVNDB: JVNDB-2018-009077 // 
            
            
            
            CNNVD: CNNVD-201807-1295 // 
            
            
            
            NVD: CVE-2018-0379

CREDITS
Steven Seeley (mr_me) of Offensive Security
Trust: 3.5
sources:
            
            
            ZDI: ZDI-18-973 // 
            
            
            
            ZDI: ZDI-18-977 // 
            
            
            
            ZDI: ZDI-18-974 // 
            
            
            
            ZDI: ZDI-18-976 // 
            
            
            
            ZDI: ZDI-18-975

SOURCES
db:ZDIid:ZDI-18-973
db:ZDIid:ZDI-18-977
db:ZDIid:ZDI-18-968
db:ZDIid:ZDI-18-970
db:ZDIid:ZDI-18-967
db:ZDIid:ZDI-18-974
db:ZDIid:ZDI-18-969
db:ZDIid:ZDI-18-972
db:ZDIid:ZDI-18-978
db:ZDIid:ZDI-18-976
db:ZDIid:ZDI-18-971
db:ZDIid:ZDI-18-975
db:VULHUBid:VHN-118581
db:BIDid:104853
db:JVNDBid:JVNDB-2018-009077
db:CNNVDid:CNNVD-201807-1295
db:NVDid:CVE-2018-0379

LAST UPDATE DATE
2024-11-23T23:08:38.094000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-18-973date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-977date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-968date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-970date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-967date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-974date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-969date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-972date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-978date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-976date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-971date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-975date:2018-08-31T00:00:00
db:VULHUBid:VHN-118581date:2019-10-09T00:00:00
db:BIDid:104853date:2018-07-18T00:00:00
db:JVNDBid:JVNDB-2018-009077date:2018-11-07T00:00:00
db:CNNVDid:CNNVD-201807-1295date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0379date:2024-11-21T03:38:06.213

SOURCES RELEASE DATE
db:ZDIid:ZDI-18-973date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-977date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-968date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-970date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-967date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-974date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-969date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-972date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-978date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-976date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-971date:2018-08-31T00:00:00
db:ZDIid:ZDI-18-975date:2018-08-31T00:00:00
db:VULHUBid:VHN-118581date:2018-07-18T00:00:00
db:BIDid:104853date:2018-07-18T00:00:00
db:JVNDBid:JVNDB-2018-009077date:2018-11-07T00:00:00
db:CNNVDid:CNNVD-201807-1295date:2018-07-19T00:00:00
db:NVDid:CVE-2018-0379date:2018-07-18T23:29:00.963