Sign-up

ID

VAR-201908-0541


CVE

CVE-2019-1927


TITLE

Microsoft Windows for Cisco Webex Network Recording Player and Webex Player Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007591

DESCRIPTION

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. The vulnerability is caused by the program not properly validating ARF and WRF files

Trust: 1.71

sources: NVD: CVE-2019-1927 // JVNDB: JVNDB-2019-007591 // VULHUB: VHN-151699

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings onlinescope:ltversion:1.3.43

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.8

Trust: 1.0

vendor:ciscomodel:webex business suitescope:ltversion:39.5.5

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:4.0

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:3.0mr2

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:3.0

Trust: 1.0

vendor:ciscomodel:webex business suitescope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings onlinescope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007591 // NVD: CVE-2019-1927

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1927
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1927
value: HIGH

Trust: 1.0

NVD: CVE-2019-1927
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-540
value: HIGH

Trust: 0.6

VULHUB: VHN-151699
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1927
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151699
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1927
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1927
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-151699 // JVNDB: JVNDB-2019-007591 // CNNVD: CNNVD-201908-540 // NVD: CVE-2019-1927 // NVD: CVE-2019-1927

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-151699 // JVNDB: JVNDB-2019-007591 // NVD: CVE-2019-1927

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-540

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201908-540

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007591

PATCH
title:cisco-sa-20190807-webex-playerurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-webex-player
Trust: 0.8
title:Cisco Webex Network Recording Player  and Cisco Webex Player Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96237
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-007591 // 
            
            
            
            CNNVD: CNNVD-201908-540

EXTERNAL IDS
db:NVDid:CVE-2019-1927
Trust: 2.5
db:JVNDBid:JVNDB-2019-007591
Trust: 0.8
db:CNNVDid:CNNVD-201908-540
Trust: 0.7
db:AUSCERTid:ESB-2019.2994
Trust: 0.6
db:VULHUBid:VHN-151699
Trust: 0.1
sources:
            
            
            VULHUB: VHN-151699 // 
            
            
            
            JVNDB: JVNDB-2019-007591 // 
            
            
            
            CNNVD: CNNVD-201908-540 // 
            
            
            
            NVD: CVE-2019-1927

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-webex-player
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-1927
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1927
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.2994/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-151699 // 
            
            
            
            JVNDB: JVNDB-2019-007591 // 
            
            
            
            CNNVD: CNNVD-201908-540 // 
            
            
            
            NVD: CVE-2019-1927

CREDITS
Yici Wang and Kushal Arvind Shah of Fortinet’s FortiGuard Labs for reporting these vulnerabilities.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201908-540

SOURCES
db:VULHUBid:VHN-151699
db:JVNDBid:JVNDB-2019-007591
db:CNNVDid:CNNVD-201908-540
db:NVDid:CVE-2019-1927

LAST UPDATE DATE
2024-11-23T21:36:58.240000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-151699date:2023-03-08T00:00:00
db:JVNDBid:JVNDB-2019-007591date:2019-08-15T00:00:00
db:CNNVDid:CNNVD-201908-540date:2019-08-15T00:00:00
db:NVDid:CVE-2019-1927date:2024-11-21T04:37:42.203

SOURCES RELEASE DATE
db:VULHUBid:VHN-151699date:2019-08-07T00:00:00
db:JVNDBid:JVNDB-2019-007591date:2019-08-15T00:00:00
db:CNNVDid:CNNVD-201908-540date:2019-08-07T00:00:00
db:NVDid:CVE-2019-1927date:2019-08-07T22:15:15.650