Sign-up

ID

VAR-201810-0592


CVE

CVE-2018-15422


TITLE

Cisco Webex Network Recording Player and Webex Player Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010862

DESCRIPTION

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. Cisco Webex Network Recording Player and Webex Player Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. When parsing an ARF file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. These issues are being tracked by Cisco Bug IDs CSCvj63665, CSCvj63672, CSCvj63676, CSCvj63717, CSCvj63724, CSCvj63729, CSCvj67334, CSCvj67339, and CSCvj67344. Cisco Webex Meetings Suite and others are multi-functional video conferencing solutions of Cisco (Cisco)

Trust: 2.61

sources: NVD: CVE-2018-15422 // JVNDB: JVNDB-2018-010862 // ZDI: ZDI-18-1079 // BID: 105374 // VULHUB: VHN-125680

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion:2.8

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:eqversion:2.7.1

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:eqversion:2.7

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:eqversion:2.6

Trust: 1.0

vendor:ciscomodel:webex business suite 32scope:ltversion:32.15.10

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5.1.29

Trust: 1.0

vendor:ciscomodel:webex business suite 33scope:ltversion:33.3

Trust: 1.0

vendor:ciscomodel:webex meetings onlinescope:ltversion:1.3.37

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5

Trust: 1.0

vendor:ciscomodel:webex business suitescope:eqversion:32

Trust: 0.8

vendor:ciscomodel:webex business suitescope:eqversion:33

Trust: 0.8

vendor:ciscomodel:webex meetings onlinescope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

vendor:ciscomodel:webexscope: - version: -

Trust: 0.7

vendor:ciscomodel:webex meetings suitescope:eqversion:0

Trust: 0.6

vendor:ciscomodel:webex business suite 33scope:eqversion:33.1

Trust: 0.6

vendor:ciscomodel:webex business suite 33scope:eqversion:33.0

Trust: 0.6

vendor:ciscomodel:webex business suite 32scope:eqversion: -

Trust: 0.6

vendor:ciscomodel:webex business suite 33scope:eqversion:33.2

Trust: 0.6

vendor:ciscomodel:webex network recording playerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex meetings onlinescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex meetings suite wbs33.3scope:neversion: -

Trust: 0.3

vendor:ciscomodel:webex meetings suite wbs32.15.10scope:neversion: -

Trust: 0.3

vendor:ciscomodel:webex meetings server 3.0mr2scope:neversion: -

Trust: 0.3

vendor:ciscomodel:webex meetings onlinescope:neversion:1.3.37

Trust: 0.3

sources: ZDI: ZDI-18-1079 // BID: 105374 // JVNDB: JVNDB-2018-010862 // CNNVD: CNNVD-201809-994 // NVD: CVE-2018-15422

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15422
value: HIGH

Trust: 1.0

NVD: CVE-2018-15422
value: HIGH

Trust: 0.8

ZDI: CVE-2018-15422
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201809-994
value: HIGH

Trust: 0.6

VULHUB: VHN-125680
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-15422
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2018-15422
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-125680
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15422
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-15422
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-18-1079 // VULHUB: VHN-125680 // JVNDB: JVNDB-2018-010862 // CNNVD: CNNVD-201809-994 // NVD: CVE-2018-15422

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-125680 // JVNDB: JVNDB-2018-010862 // NVD: CVE-2018-15422

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201809-994

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201809-994

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010862

PATCH
title:cisco-sa-20180919-webexurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex
Trust: 1.5
title:Cisco Webex Network Recording Player Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85101
Trust: 0.6
sources:
            
            
            ZDI: ZDI-18-1079 // 
            
            
            
            JVNDB: JVNDB-2018-010862 // 
            
            
            
            CNNVD: CNNVD-201809-994

EXTERNAL IDS
db:NVDid:CVE-2018-15422
Trust: 3.5
db:BIDid:105374
Trust: 2.0
db:SECTRACKid:1041689
Trust: 1.7
db:JVNDBid:JVNDB-2018-010862
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-6205
Trust: 0.7
db:ZDIid:ZDI-18-1079
Trust: 0.7
db:CNNVDid:CNNVD-201809-994
Trust: 0.7
db:VULHUBid:VHN-125680
Trust: 0.1
sources:
            
            
            ZDI: ZDI-18-1079 // 
            
            
            
            VULHUB: VHN-125680 // 
            
            
            
            BID: 105374 // 
            
            
            
            JVNDB: JVNDB-2018-010862 // 
            
            
            
            CNNVD: CNNVD-201809-994 // 
            
            
            
            NVD: CVE-2018-15422

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180919-webex
Trust: 2.4
url:http://www.securityfocus.com/bid/105374
Trust: 1.7
url:http://www.securitytracker.com/id/1041689
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15422
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-15422
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180919-webex 
Trust: 0.3
sources:
            
            
            ZDI: ZDI-18-1079 // 
            
            
            
            VULHUB: VHN-125680 // 
            
            
            
            BID: 105374 // 
            
            
            
            JVNDB: JVNDB-2018-010862 // 
            
            
            
            CNNVD: CNNVD-201809-994 // 
            
            
            
            NVD: CVE-2018-15422

CREDITS
Steven Seeley (mr_me) of Source Incite
Trust: 0.7
sources:
            
            
            ZDI: ZDI-18-1079

SOURCES
db:ZDIid:ZDI-18-1079
db:VULHUBid:VHN-125680
db:BIDid:105374
db:JVNDBid:JVNDB-2018-010862
db:CNNVDid:CNNVD-201809-994
db:NVDid:CVE-2018-15422

LAST UPDATE DATE
2024-11-23T22:17:17.268000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-18-1079date:2018-09-21T00:00:00
db:VULHUBid:VHN-125680date:2020-09-16T00:00:00
db:BIDid:105374date:2018-09-19T00:00:00
db:JVNDBid:JVNDB-2018-010862date:2018-12-26T00:00:00
db:CNNVDid:CNNVD-201809-994date:2020-10-22T00:00:00
db:NVDid:CVE-2018-15422date:2024-11-21T03:50:45.667

SOURCES RELEASE DATE
db:ZDIid:ZDI-18-1079date:2018-09-21T00:00:00
db:VULHUBid:VHN-125680date:2018-10-05T00:00:00
db:BIDid:105374date:2018-09-19T00:00:00
db:JVNDBid:JVNDB-2018-010862date:2018-12-26T00:00:00
db:CNNVDid:CNNVD-201809-994date:2018-09-21T00:00:00
db:NVDid:CVE-2018-15422date:2018-10-05T14:29:10.857