ID

VAR-201905-0508


CVE

CVE-2019-1771


TITLE

Cisco Webex Network Recording Player and Webex Player for Microsoft Windows buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004664

DESCRIPTION

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system. These issues are being tracked by Cisco Bug IDs CSCvn88721, CSCvo03346, CSCvo05229, CSCvo05231, CSCvo33767, CSCvo33769, and CSCvo33774. This vulnerability stems from incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow, heap overflow, etc.

Trust: 2.07

sources: NVD: CVE-2019-1771 // JVNDB: JVNDB-2019-004664 // BID: 108373 // VULHUB: VHN-149983 // VULMON: CVE-2019-1771

AFFECTED PRODUCTS

vendor: cisco // model: webex business suite lockdown // scope: lt // version: 33.6.11

Trust: 1.0

vendor: cisco // model: webex meetings online // scope: lt // version: 1.3.42

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: eq // version: 3.0(1)

Trust: 1.0

vendor: cisco // model: webex business suite // scope: lt // version: 39.2.205

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: eq // version: 2.8(1)

Trust: 1.0

vendor: cisco // model: webex business suite // scope: - // version: -

Trust: 0.8

vendor: cisco // model: webex business suite lockdown // scope: - // version: -

Trust: 0.8

vendor: cisco // model: webex meetings online // scope: - // version: -

Trust: 0.8

vendor: cisco // model: webex meetings server // scope: - // version: -

Trust: 0.8

vendor: cisco // model: webex player // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: webex network recording player // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: webex meetings server 3.0mr2 patch // scope: eq // version: 1

Trust: 0.3

vendor: cisco // model: webex meetings server 3.0mr2 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex meetings server 3.0mr1 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex meetings server patch // scope: eq // version: 3.01

Trust: 0.3

vendor: cisco // model: webex meetings server mr2 sp2 // scope: eq // version: 3.0

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 3.0

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.8.1.2039

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.8.1.1034

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.8.1.1023

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.8.1.1019

Trust: 0.3

vendor: cisco // model: webex meetings server sp // scope: eq // version: 2.81

Trust: 0.3

vendor: cisco // model: webex meetings server mr3 sp1 // scope: eq // version: 2.8

Trust: 0.3

vendor: cisco // model: webex meetings server mr2 // scope: eq // version: 2.8

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.8

Trust: 0.3

vendor: cisco // model: webex meetings server 2.7mr2 sp // scope: eq // version: 6

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.7.1.3047

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.7

Trust: 0.3

vendor: cisco // model: webex meetings server 2.6mr3 sp // scope: eq // version: 4

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.6.1.30

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.6.0.8

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.6

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: webex meetings online // scope: eq // version: 1.3.40

Trust: 0.3

vendor: cisco // model: webex meetings online // scope: eq // version: 1.3.37

Trust: 0.3

vendor: cisco // model: webex meetings online // scope: eq // version: 1.3.35

Trust: 0.3

vendor: cisco // model: webex meetings online // scope: eq // version: 1.0

Trust: 0.3

vendor: cisco // model: webex meetings online // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: webex business suite wbs33.7.0 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex business suite wbs33.6.1 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex business suite wbs33.4 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex business suite wbs33 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex business suite wbs32.15.33 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex business suite wbs32.15.20 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex business suite wbs32 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex business suite wbs31.23 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex business suite wbs31 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: ne // version: 4.0

Trust: 0.3

vendor: cisco // model: webex meetings server 3.0mr2 sp2 // scope: ne // version: -

Trust: 0.3

vendor: cisco // model: webex meetings server 2.8mr3 sp2 // scope: ne // version: -

Trust: 0.3

vendor: cisco // model: webex meetings online // scope: ne // version: 1.3.42

Trust: 0.3

vendor: cisco // model: webex business suite wbs39.2.205 // scope: ne // version: -

Trust: 0.3

sources: BID: 108373 // JVNDB: JVNDB-2019-004664 // NVD: CVE-2019-1771

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1771
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1771
value: HIGH

Trust: 1.0

NVD: CVE-2019-1771
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-659
value: HIGH

Trust: 0.6

VULHUB: VHN-149983
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-1771
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1771
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-149983
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1771
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1771
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-149983 // VULMON: CVE-2019-1771 // JVNDB: JVNDB-2019-004664 // CNNVD: CNNVD-201905-659 // NVD: CVE-2019-1771 // NVD: CVE-2019-1771

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-149983 // JVNDB: JVNDB-2019-004664 // NVD: CVE-2019-1771

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-659

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-659

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004664

PATCH

title: cisco-sa-20190515-webex-player // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player

Trust: 0.8

title: Cisco Webex Network Recording Player and Cisco Webex Network Webex Player Buffer error vulnerability fix // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92784

Trust: 0.6

title: Cisco: Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190515-webex-player

Trust: 0.1

title: Threatpost // url: https://threatpost.com/cisco-webex-remote-code-execution/144805/

Trust: 0.1

sources: VULMON: CVE-2019-1771 // JVNDB: JVNDB-2019-004664 // CNNVD: CNNVD-201905-659

EXTERNAL IDS

db: NVD // id: CVE-2019-1771

Trust: 2.9

db: BID // id: 108373

Trust: 2.1

db: JVNDB // id: JVNDB-2019-004664

Trust: 0.8

db: CNNVD // id: CNNVD-201905-659

Trust: 0.7

db: AUSCERT // id: ESB-2019.1749

Trust: 0.6

db: VULHUB // id: VHN-149983

Trust: 0.1

db: VULMON // id: CVE-2019-1771

Trust: 0.1

sources: VULHUB: VHN-149983 // VULMON: CVE-2019-1771 // BID: 108373 // JVNDB: JVNDB-2019-004664 // CNNVD: CNNVD-201905-659 // NVD: CVE-2019-1771

REFERENCES

url:http://www.securityfocus.com/bid/108373

Trust: 2.5

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-webex-player

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-1771

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1771

Trust: 0.8

url:https://www.auscert.org.au/bulletins/81078

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/cisco-webex-remote-code-execution/144805/

Trust: 0.1

sources: VULHUB: VHN-149983 // VULMON: CVE-2019-1771 // BID: 108373 // JVNDB: JVNDB-2019-004664 // CNNVD: CNNVD-201905-659 // NVD: CVE-2019-1771

CREDITS

Yici Wang of Fortinet's FortiGuard Labs.

Trust: 0.9

sources: BID: 108373 // CNNVD: CNNVD-201905-659

SOURCES

db: VULHUB // id: VHN-149983
db: VULMON // id: CVE-2019-1771
db: BID // id: 108373
db: JVNDB // id: JVNDB-2019-004664
db: CNNVD // id: CNNVD-201905-659
db: NVD // id: CVE-2019-1771

LAST UPDATE DATE

2024-11-23T22:44:59.534000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-149983 // date: 2019-10-09T00:00:00
db: VULMON // id: CVE-2019-1771 // date: 2023-03-24T00:00:00
db: BID // id: 108373 // date: 2019-05-15T00:00:00
db: JVNDB // id: JVNDB-2019-004664 // date: 2019-06-06T00:00:00
db: CNNVD // id: CNNVD-201905-659 // date: 2019-05-21T00:00:00
db: NVD // id: CVE-2019-1771 // date: 2024-11-21T04:37:20.483

SOURCES RELEASE DATE

db: VULHUB // id: VHN-149983 // date: 2019-05-15T00:00:00
db: VULMON // id: CVE-2019-1771 // date: 2019-05-15T00:00:00
db: BID // id: 108373 // date: 2019-05-15T00:00:00
db: JVNDB // id: JVNDB-2019-004664 // date: 2019-06-06T00:00:00
db: CNNVD // id: CNNVD-201905-659 // date: 2019-05-15T00:00:00
db: NVD // id: CVE-2019-1771 // date: 2019-05-15T20:29:00.883