Sign-up

ID

VAR-201807-0427


CVE

CVE-2018-0380


TITLE

Cisco WebEx Network Recording Player for Advanced Recording Format and WebEx Recording Format Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008391

DESCRIPTION

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could cause an affected player to crash, resulting in a denial of service (DoS) condition. The Cisco Webex players are applications that are used to play back Webex meetings that have been recorded by an online meeting attendee. The Webex Network Recording Player for .arf files can be automatically installed when the user accesses a recording that is hosted on a Webex server. The Webex Player for .wrf files can be downloaded manually. These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server. Cisco Bug IDs: CSCvh70253, CSCvh70268, CSCvh72272, CSCvh72281, CSCvh72285, CSCvi60477, CSCvi60485, CSCvi60490, CSCvi60520, CSCvi60529, CSCvi60533. Vendors have confirmed this vulnerability Bug ID CSCvh70253 , CSCvh70268 , CSCvh72272 , CSCvh72281 , CSCvh72285 , CSCvi60477 , CSCvi60485 , CSCvi60490 , CSCvi60520 , CSCvi60529 ,and CSCvi60533 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 1.98

sources: NVD: CVE-2018-0380 // JVNDB: JVNDB-2018-008391 // BID: 104880 // VULHUB: VHN-118582

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings onlinescope:eqversion:t31

Trust: 1.6

vendor:ciscomodel:webex meetings onlinescope:eqversion:t30

Trust: 1.6

vendor:ciscomodel:webex meetings onlinescope:eqversion:t31.20

Trust: 1.6

vendor:ciscomodel:webex meetings onlinescope:eqversion:t31.23.2

Trust: 1.6

vendor:ciscomodel:webex meetings onlinescope:eqversion:t31.23

Trust: 1.6

vendor:ciscomodel:webex meetingsscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings suitescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex meetings onlinescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex meeting serverscope:eqversion:0

Trust: 0.3

sources: BID: 104880 // JVNDB: JVNDB-2018-008391 // CNNVD: CNNVD-201807-1294 // NVD: CVE-2018-0380

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0380
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0380
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201807-1294
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118582
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0380
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118582
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0380
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118582 // JVNDB: JVNDB-2018-008391 // CNNVD: CNNVD-201807-1294 // NVD: CVE-2018-0380

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-118582 // JVNDB: JVNDB-2018-008391 // NVD: CVE-2018-0380

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-1294

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201807-1294

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008391

PATCH
title:cisco-sa-20180718-webex-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-dos
Trust: 0.8
title:Cisco Webex Network Recording Player Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82195
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-008391 // 
            
            
            
            CNNVD: CNNVD-201807-1294

EXTERNAL IDS
db:NVDid:CVE-2018-0380
Trust: 2.8
db:BIDid:104880
Trust: 2.0
db:SECTRACKid:1041351
Trust: 1.7
db:JVNDBid:JVNDB-2018-008391
Trust: 0.8
db:CNNVDid:CNNVD-201807-1294
Trust: 0.7
db:VULHUBid:VHN-118582
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118582 // 
            
            
            
            BID: 104880 // 
            
            
            
            JVNDB: JVNDB-2018-008391 // 
            
            
            
            CNNVD: CNNVD-201807-1294 // 
            
            
            
            NVD: CVE-2018-0380

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180718-webex-dos
Trust: 2.0
url:http://www.securityfocus.com/bid/104880
Trust: 1.7
url:http://www.securitytracker.com/id/1041351
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0380
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0380
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118582 // 
            
            
            
            BID: 104880 // 
            
            
            
            JVNDB: JVNDB-2018-008391 // 
            
            
            
            CNNVD: CNNVD-201807-1294 // 
            
            
            
            NVD: CVE-2018-0380

CREDITS
Kushal Arvind Shah of Fortinet's FortiGuard Labs, Chris Navarrete of Fortinet's FortiGuard Labs and Yonghui Han of Fortinet's FortiGuard Labs.
Trust: 0.3
sources:
            
            
            BID: 104880

SOURCES
db:VULHUBid:VHN-118582
db:BIDid:104880
db:JVNDBid:JVNDB-2018-008391
db:CNNVDid:CNNVD-201807-1294
db:NVDid:CVE-2018-0380

LAST UPDATE DATE
2024-11-23T22:52:02.816000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118582date:2019-10-09T00:00:00
db:BIDid:104880date:2018-07-18T00:00:00
db:JVNDBid:JVNDB-2018-008391date:2018-10-16T00:00:00
db:CNNVDid:CNNVD-201807-1294date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0380date:2024-11-21T03:38:06.417

SOURCES RELEASE DATE
db:VULHUBid:VHN-118582date:2018-07-18T00:00:00
db:BIDid:104880date:2018-07-18T00:00:00
db:JVNDBid:JVNDB-2018-008391date:2018-10-16T00:00:00
db:CNNVDid:CNNVD-201807-1294date:2018-07-19T00:00:00
db:NVDid:CVE-2018-0380date:2018-07-18T23:29:01.010