ID

VAR-201905-0536


CVE

CVE-2019-1773


TITLE

Cisco Webex Network Recording Player and Webex Player for Microsoft Windows buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004659

DESCRIPTION

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system. These issues are being tracked by Cisco Bug IDs CSCvn88721, CSCvo03346, CSCvo05229, CSCvo05231, CSCvo33767, CSCvo33769, and CSCvo33774. The vulnerability stems from incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow, heap overflow, etc.

Trust: 2.07

sources: NVD: CVE-2019-1773 // JVNDB: JVNDB-2019-004659 // BID: 108373 // VULHUB: VHN-150005 // VULMON: CVE-2019-1773

AFFECTED PRODUCTS

vendor: cisco // model: webex business suite lockdown // scope: lt // version: 33.6.11

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: lt // version: 4.0

Trust: 1.0

vendor: cisco // model: webex meetings online // scope: lt // version: 1.3.42

Trust: 1.0

vendor: cisco // model: webex business suite // scope: lt // version: 39.2.205

Trust: 1.0

vendor: cisco // model: webex business suite // scope: - // version: -

Trust: 0.8

vendor: cisco // model: webex business suite lockdown // scope: - // version: -

Trust: 0.8

vendor: cisco // model: webex meetings online // scope: - // version: -

Trust: 0.8

vendor: cisco // model: webex meetings server // scope: - // version: -

Trust: 0.8

vendor: cisco // model: webex player // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: webex network recording player // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: webex meetings server 3.0mr2 patch // scope: eq // version: 1

Trust: 0.3

vendor: cisco // model: webex meetings server 3.0mr2 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex meetings server 3.0mr1 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex meetings server patch // scope: eq // version: 3.01

Trust: 0.3

vendor: cisco // model: webex meetings server mr2 sp2 // scope: eq // version: 3.0

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 3.0

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.8.1.2039

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.8.1.1034

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.8.1.1023

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.8.1.1019

Trust: 0.3

vendor: cisco // model: webex meetings server sp // scope: eq // version: 2.81

Trust: 0.3

vendor: cisco // model: webex meetings server mr3 sp1 // scope: eq // version: 2.8

Trust: 0.3

vendor: cisco // model: webex meetings server mr2 // scope: eq // version: 2.8

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.8

Trust: 0.3

vendor: cisco // model: webex meetings server 2.7mr2 sp // scope: eq // version: 6

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.7.1.3047

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.7

Trust: 0.3

vendor: cisco // model: webex meetings server 2.6mr3 sp // scope: eq // version: 4

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.6.1.30

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.6.0.8

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 2.6

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: webex meetings online // scope: eq // version: 1.3.40

Trust: 0.3

vendor: cisco // model: webex meetings online // scope: eq // version: 1.3.37

Trust: 0.3

vendor: cisco // model: webex meetings online // scope: eq // version: 1.3.35

Trust: 0.3

vendor: cisco // model: webex meetings online // scope: eq // version: 1.0

Trust: 0.3

vendor: cisco // model: webex meetings online // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: webex business suite wbs33.7.0 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex business suite wbs33.6.1 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex business suite wbs33.4 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex business suite wbs33 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex business suite wbs32.15.33 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex business suite wbs32.15.20 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex business suite wbs32 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex business suite wbs31.23 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex business suite wbs31 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: webex meetings server // scope: ne // version: 4.0

Trust: 0.3

vendor: cisco // model: webex meetings server 3.0mr2 sp2 // scope: ne // version: -

Trust: 0.3

vendor: cisco // model: webex meetings server 2.8mr3 sp2 // scope: ne // version: -

Trust: 0.3

vendor: cisco // model: webex meetings online // scope: ne // version: 1.3.42

Trust: 0.3

vendor: cisco // model: webex business suite wbs39.2.205 // scope: ne // version: -

Trust: 0.3

sources: BID: 108373 // JVNDB: JVNDB-2019-004659 // NVD: CVE-2019-1773

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-1773
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1773
value: HIGH

Trust: 1.0

NVD: CVE-2019-1773
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-661
value: HIGH

Trust: 0.6

VULHUB: VHN-150005
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1773
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-1773
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-150005
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

ykramarz@cisco.com: CVE-2019-1773
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1773
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-150005 // VULMON: CVE-2019-1773 // JVNDB: JVNDB-2019-004659 // CNNVD: CNNVD-201905-661 // NVD: CVE-2019-1773 // NVD: CVE-2019-1773

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-150005 // JVNDB: JVNDB-2019-004659 // NVD: CVE-2019-1773

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-661

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-661

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004659

PATCH

title: cisco-sa-20190515-webex-player // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player

Trust: 0.8

title: Cisco Webex Network Recording Player and Cisco Webex Network Webex Player Buffer error vulnerability fix // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92786

Trust: 0.6

title: Cisco: Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190515-webex-player

Trust: 0.1

title: Threatpost // url: https://threatpost.com/cisco-webex-remote-code-execution/144805/

Trust: 0.1

sources: VULMON: CVE-2019-1773 // JVNDB: JVNDB-2019-004659 // CNNVD: CNNVD-201905-661

EXTERNAL IDS

db: NVD // id: CVE-2019-1773

Trust: 2.9

db: BID // id: 108373

Trust: 2.1

db: JVNDB // id: JVNDB-2019-004659

Trust: 0.8

db: CNNVD // id: CNNVD-201905-661

Trust: 0.7

db: AUSCERT // id: ESB-2019.1749

Trust: 0.6

db: VULHUB // id: VHN-150005

Trust: 0.1

db: VULMON // id: CVE-2019-1773

Trust: 0.1

sources: VULHUB: VHN-150005 // VULMON: CVE-2019-1773 // BID: 108373 // JVNDB: JVNDB-2019-004659 // CNNVD: CNNVD-201905-661 // NVD: CVE-2019-1773

REFERENCES

url:http://www.securityfocus.com/bid/108373

Trust: 2.5

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-webex-player

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-1773

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1773

Trust: 0.8

url:https://www.auscert.org.au/bulletins/81078

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/cisco-webex-remote-code-execution/144805/

Trust: 0.1

sources: VULHUB: VHN-150005 // VULMON: CVE-2019-1773 // BID: 108373 // JVNDB: JVNDB-2019-004659 // CNNVD: CNNVD-201905-661 // NVD: CVE-2019-1773

CREDITS

Yici Wang of Fortinet's FortiGuard Labs.

Trust: 0.9

sources: BID: 108373 // CNNVD: CNNVD-201905-661

SOURCES

db: VULHUB // id: VHN-150005
db: VULMON // id: CVE-2019-1773
db: BID // id: 108373
db: JVNDB // id: JVNDB-2019-004659
db: CNNVD // id: CNNVD-201905-661
db: NVD // id: CVE-2019-1773

LAST UPDATE DATE

2024-11-23T22:44:59.500000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-150005 // date: 2023-03-01T00:00:00
db: VULMON // id: CVE-2019-1773 // date: 2023-03-01T00:00:00
db: BID // id: 108373 // date: 2019-05-15T00:00:00
db: JVNDB // id: JVNDB-2019-004659 // date: 2019-06-05T00:00:00
db: CNNVD // id: CNNVD-201905-661 // date: 2019-05-21T00:00:00
db: NVD // id: CVE-2019-1773 // date: 2024-11-21T04:37:20.730

SOURCES RELEASE DATE

db: VULHUB // id: VHN-150005 // date: 2019-05-15T00:00:00
db: VULMON // id: CVE-2019-1773 // date: 2019-05-15T00:00:00
db: BID // id: 108373 // date: 2019-05-15T00:00:00
db: JVNDB // id: JVNDB-2019-004659 // date: 2019-06-05T00:00:00
db: CNNVD // id: CNNVD-201905-661 // date: 2019-05-15T00:00:00
db: NVD // id: CVE-2019-1773 // date: 2019-05-15T20:29:00.993