ID

VAR-201905-0509


CVE

CVE-2019-1772


TITLE

Cisco Webex Network Recording Player and Webex Player for Microsoft Windows buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004665

DESCRIPTION

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system. These issues are being tracked by Cisco Bug IDs CSCvn88721, CSCvo03346, CSCvo05229, CSCvo05231, CSCvo33767, CSCvo33769, and CSCvo33774. The vulnerability stems from incorrect verification of data boundaries when the software performs operations on memory, which results in incorrect read and write operations on other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow, heap overflow, etc.

Trust: 2.07

sources: NVD: CVE-2019-1772 // JVNDB: JVNDB-2019-004665 // BID: 108373 // VULHUB: VHN-149994 // VULMON: CVE-2019-1772

AFFECTED PRODUCTS

vendor: cisco | model: webex business suite lockdown | scope: lt | version: 33.6.11

Trust: 1.0

vendor: cisco | model: webex meetings online | scope: lt | version: 1.3.42

Trust: 1.0

vendor: cisco | model: webex meetings server | scope: eq | version: 3.0(1)

Trust: 1.0

vendor: cisco | model: webex business suite | scope: lt | version: 39.1.0.471

Trust: 1.0

vendor: cisco | model: webex meetings server | scope: eq | version: 2.8(1)

Trust: 1.0

vendor: cisco | model: webex business suite | scope: - | version: -

Trust: 0.8

vendor: cisco | model: webex business suite lockdown | scope: - | version: -

Trust: 0.8

vendor: cisco | model: webex meetings online | scope: - | version: -

Trust: 0.8

vendor: cisco | model: webex meetings server | scope: - | version: -

Trust: 0.8

vendor: cisco | model: webex player | scope: eq | version: 0

Trust: 0.3

vendor: cisco | model: webex network recording player | scope: eq | version: 0

Trust: 0.3

vendor: cisco | model: webex meetings server 3.0mr2 patch | scope: eq | version: 1

Trust: 0.3

vendor: cisco | model: webex meetings server 3.0mr2 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: webex meetings server 3.0mr1 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: webex meetings server patch | scope: eq | version: 3.01

Trust: 0.3

vendor: cisco | model: webex meetings server mr2 sp2 | scope: eq | version: 3.0

Trust: 0.3

vendor: cisco | model: webex meetings server | scope: eq | version: 3.0

Trust: 0.3

vendor: cisco | model: webex meetings server | scope: eq | version: 2.8.1.2039

Trust: 0.3

vendor: cisco | model: webex meetings server | scope: eq | version: 2.8.1.1034

Trust: 0.3

vendor: cisco | model: webex meetings server | scope: eq | version: 2.8.1.1023

Trust: 0.3

vendor: cisco | model: webex meetings server | scope: eq | version: 2.8.1.1019

Trust: 0.3

vendor: cisco | model: webex meetings server sp | scope: eq | version: 2.81

Trust: 0.3

vendor: cisco | model: webex meetings server mr3 sp1 | scope: eq | version: 2.8

Trust: 0.3

vendor: cisco | model: webex meetings server mr2 | scope: eq | version: 2.8

Trust: 0.3

vendor: cisco | model: webex meetings server | scope: eq | version: 2.8

Trust: 0.3

vendor: cisco | model: webex meetings server 2.7mr2 sp | scope: eq | version: 6

Trust: 0.3

vendor: cisco | model: webex meetings server | scope: eq | version: 2.7.1.3047

Trust: 0.3

vendor: cisco | model: webex meetings server | scope: eq | version: 2.7

Trust: 0.3

vendor: cisco | model: webex meetings server 2.6mr3 sp | scope: eq | version: 4

Trust: 0.3

vendor: cisco | model: webex meetings server | scope: eq | version: 2.6.1.30

Trust: 0.3

vendor: cisco | model: webex meetings server | scope: eq | version: 2.6.0.8

Trust: 0.3

vendor: cisco | model: webex meetings server | scope: eq | version: 2.6

Trust: 0.3

vendor: cisco | model: webex meetings server | scope: eq | version: 0

Trust: 0.3

vendor: cisco | model: webex meetings online | scope: eq | version: 1.3.40

Trust: 0.3

vendor: cisco | model: webex meetings online | scope: eq | version: 1.3.37

Trust: 0.3

vendor: cisco | model: webex meetings online | scope: eq | version: 1.3.35

Trust: 0.3

vendor: cisco | model: webex meetings online | scope: eq | version: 1.0

Trust: 0.3

vendor: cisco | model: webex meetings online | scope: eq | version: 0

Trust: 0.3

vendor: cisco | model: webex business suite wbs33.7.0 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: webex business suite wbs33.6.1 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: webex business suite wbs33.4 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: webex business suite wbs33 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: webex business suite wbs32.15.33 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: webex business suite wbs32.15.20 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: webex business suite wbs32 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: webex business suite wbs31.23 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: webex business suite wbs31 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: webex meetings server | scope: ne | version: 4.0

Trust: 0.3

vendor: cisco | model: webex meetings server 3.0mr2 sp2 | scope: ne | version: -

Trust: 0.3

vendor: cisco | model: webex meetings server 2.8mr3 sp2 | scope: ne | version: -

Trust: 0.3

vendor: cisco | model: webex meetings online | scope: ne | version: 1.3.42

Trust: 0.3

vendor: cisco | model: webex business suite wbs39.2.205 | scope: ne | version: -

Trust: 0.3

sources: BID: 108373 // JVNDB: JVNDB-2019-004665 // NVD: CVE-2019-1772

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1772
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1772
value: HIGH

Trust: 1.0

NVD: CVE-2019-1772
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-660
value: HIGH

Trust: 0.6

VULHUB: VHN-149994
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1772
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1772
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-149994
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1772
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1772
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-149994 // VULMON: CVE-2019-1772 // JVNDB: JVNDB-2019-004665 // CNNVD: CNNVD-201905-660 // NVD: CVE-2019-1772 // NVD: CVE-2019-1772

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-149994 // JVNDB: JVNDB-2019-004665 // NVD: CVE-2019-1772

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-660

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-660

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004665

PATCH

title: cisco-sa-20190515-webex-player | url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player

Trust: 0.8

title: Cisco Webex Network Recording Player and Cisco Webex Network Webex Player Buffer error vulnerability fix | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92785

Trust: 0.6

title: Cisco: Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities | url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190515-webex-player

Trust: 0.1

title: Threatpost | url: https://threatpost.com/cisco-webex-remote-code-execution/144805/

Trust: 0.1

sources: VULMON: CVE-2019-1772 // JVNDB: JVNDB-2019-004665 // CNNVD: CNNVD-201905-660

EXTERNAL IDS

db: NVD | id: CVE-2019-1772

Trust: 2.9

db: BID | id: 108373

Trust: 2.1

db: JVNDB | id: JVNDB-2019-004665

Trust: 0.8

db: CNNVD | id: CNNVD-201905-660

Trust: 0.7

db: AUSCERT | id: ESB-2019.1749

Trust: 0.6

db: VULHUB | id: VHN-149994

Trust: 0.1

db: VULMON | id: CVE-2019-1772

Trust: 0.1

sources: VULHUB: VHN-149994 // VULMON: CVE-2019-1772 // BID: 108373 // JVNDB: JVNDB-2019-004665 // CNNVD: CNNVD-201905-660 // NVD: CVE-2019-1772

REFERENCES

url:http://www.securityfocus.com/bid/108373

Trust: 2.5

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-webex-player

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-1772

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1772

Trust: 0.8

url:https://www.auscert.org.au/bulletins/81078

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/cisco-webex-remote-code-execution/144805/

Trust: 0.1

sources: VULHUB: VHN-149994 // VULMON: CVE-2019-1772 // BID: 108373 // JVNDB: JVNDB-2019-004665 // CNNVD: CNNVD-201905-660 // NVD: CVE-2019-1772

CREDITS

Yici Wang of Fortinet's FortiGuard Labs.

Trust: 0.9

sources: BID: 108373 // CNNVD: CNNVD-201905-660

SOURCES

db: VULHUB | id: VHN-149994
db: VULMON | id: CVE-2019-1772
db: BID | id: 108373
db: JVNDB | id: JVNDB-2019-004665
db: CNNVD | id: CNNVD-201905-660
db: NVD | id: CVE-2019-1772

LAST UPDATE DATE

2024-11-23T22:44:59.465000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-149994 | date: 2019-10-09T00:00:00
db: VULMON | id: CVE-2019-1772 | date: 2023-03-24T00:00:00
db: BID | id: 108373 | date: 2019-05-15T00:00:00
db: JVNDB | id: JVNDB-2019-004665 | date: 2019-06-06T00:00:00
db: CNNVD | id: CNNVD-201905-660 | date: 2019-05-21T00:00:00
db: NVD | id: CVE-2019-1772 | date: 2024-11-21T04:37:20.607

SOURCES RELEASE DATE

db: VULHUB | id: VHN-149994 | date: 2019-05-15T00:00:00
db: VULMON | id: CVE-2019-1772 | date: 2019-05-15T00:00:00
db: BID | id: 108373 | date: 2019-05-15T00:00:00
db: JVNDB | id: JVNDB-2019-004665 | date: 2019-06-06T00:00:00
db: CNNVD | id: CNNVD-201905-660 | date: 2019-05-15T00:00:00
db: NVD | id: CVE-2019-1772 | date: 2019-05-15T20:29:00.930