Details of VAR-201807-0431

ID

VAR-201807-0431

CVE

CVE-2018-0387

TITLE

Cisco Webex Teams Input validation vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-008280 // CNNVD: CNNVD-201807-1293

DESCRIPTION

A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability by sending a user a malicious link and persuading the user to follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. Cisco Bug IDs: CSCvh66250. Vendors have confirmed this vulnerability Bug ID CSCvh66250 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The program includes features such as video conferencing, group messaging and file sharing

Trust: 1.98

sources: NVD: CVE-2018-0387 // JVNDB: JVNDB-2018-008280 // BID: 104873 // VULHUB: VHN-118589

AFFECTED PRODUCTS

vendor:	cisco	model:	webex teams	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex meetings	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex teams	scope:	eq	version:	0	Trust: 0.3

sources: BID: 104873 // JVNDB: JVNDB-2018-008280 // CNNVD: CNNVD-201807-1293 // NVD: CVE-2018-0387

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0387
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0387
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201807-1293
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118589
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0387
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118589
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0387
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0387
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-118589 // JVNDB: JVNDB-2018-008280 // CNNVD: CNNVD-201807-1293 // NVD: CVE-2018-0387

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-118589 // JVNDB: JVNDB-2018-008280 // NVD: CVE-2018-0387

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1293

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 104873 // CNNVD: CNNVD-201807-1293

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008280

PATCH

title:	cisco-sa-20180718-webex-teams-rce	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-teams-rce	Trust: 0.8
title:	Cisco Webex Teams Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82194	Trust: 0.6

sources: JVNDB: JVNDB-2018-008280 // CNNVD: CNNVD-201807-1293

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0387	Trust: 2.8
db:	BID	id:	104873	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-008280	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-1293	Trust: 0.7
db:	VULHUB	id:	VHN-118589	Trust: 0.1

sources: VULHUB: VHN-118589 // BID: 104873 // JVNDB: JVNDB-2018-008280 // CNNVD: CNNVD-201807-1293 // NVD: CVE-2018-0387

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180718-webex-teams-rce	Trust: 2.0
url:	http://www.securityfocus.com/bid/104873	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0387	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0387	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118589 // BID: 104873 // JVNDB: JVNDB-2018-008280 // CNNVD: CNNVD-201807-1293 // NVD: CVE-2018-0387

CREDITS

Alexey Sintsov from HERE Technologies

Trust: 0.3

sources: BID: 104873

SOURCES

db:	VULHUB	id:	VHN-118589
db:	BID	id:	104873
db:	JVNDB	id:	JVNDB-2018-008280
db:	CNNVD	id:	CNNVD-201807-1293
db:	NVD	id:	CVE-2018-0387

LAST UPDATE DATE

2024-11-23T22:00:27.681000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118589	date:	2019-10-09T00:00:00
db:	BID	id:	104873	date:	2018-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-008280	date:	2018-10-12T00:00:00
db:	CNNVD	id:	CNNVD-201807-1293	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0387	date:	2024-11-21T03:38:07.337

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118589	date:	2018-07-18T00:00:00
db:	BID	id:	104873	date:	2018-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-008280	date:	2018-10-12T00:00:00
db:	CNNVD	id:	CNNVD-201807-1293	date:	2018-07-19T00:00:00
db:	NVD	id:	CVE-2018-0387	date:	2018-07-18T23:29:01.040