ID

VAR-201908-0547


CVE

CVE-2019-1929


TITLE

Microsoft Windows for Cisco Webex Network Recording Player and Webex Player Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007668

DESCRIPTION

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. The vulnerability is caused by the program not properly validating ARF and WRF files.

Trust: 1.8

sources: NVD: CVE-2019-1929 // JVNDB: JVNDB-2019-007668 // VULHUB: VHN-151721 // VULMON: CVE-2019-1929

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings online, scope: lt, version: 1.3.43

Trust: 1.0

vendor: cisco, model: webex meetings server, scope: eq, version: 2.8

Trust: 1.0

vendor: cisco, model: webex business suite, scope: lt, version: 39.5.5

Trust: 1.0

vendor: cisco, model: webex meetings server, scope: eq, version: 4.0

Trust: 1.0

vendor: cisco, model: webex meetings server, scope: eq, version: 3.0mr2

Trust: 1.0

vendor: cisco, model: webex meetings server, scope: eq, version: 3.0

Trust: 1.0

vendor: cisco, model: webex business suite, scope: -, version: -

Trust: 0.8

vendor: cisco, model: webex meetings online, scope: -, version: -

Trust: 0.8

vendor: cisco, model: webex meetings server, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007668 // NVD: CVE-2019-1929

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1929
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1929
value: HIGH

Trust: 1.0

NVD: CVE-2019-1929
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-544
value: HIGH

Trust: 0.6

VULHUB: VHN-151721
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1929
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1929
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-151721
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1929
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1929
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-151721 // VULMON: CVE-2019-1929 // JVNDB: JVNDB-2019-007668 // CNNVD: CNNVD-201908-544 // NVD: CVE-2019-1929 // NVD: CVE-2019-1929

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-151721 // JVNDB: JVNDB-2019-007668 // NVD: CVE-2019-1929

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-544

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201908-544

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007668

PATCH

title: cisco-sa-20190807-webex-player, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-webex-player

Trust: 0.8

title: Cisco Webex Network Recording Player and Cisco Webex Player Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96241

Trust: 0.6

title: Cisco: Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190807-webex-player

Trust: 0.1

sources: VULMON: CVE-2019-1929 // JVNDB: JVNDB-2019-007668 // CNNVD: CNNVD-201908-544

EXTERNAL IDS

db: NVD, id: CVE-2019-1929

Trust: 2.6

db: JVNDB, id: JVNDB-2019-007668

Trust: 0.8

db: CNNVD, id: CNNVD-201908-544

Trust: 0.7

db: AUSCERT, id: ESB-2019.2994

Trust: 0.6

db: VULHUB, id: VHN-151721

Trust: 0.1

db: VULMON, id: CVE-2019-1929

Trust: 0.1

sources: VULHUB: VHN-151721 // VULMON: CVE-2019-1929 // JVNDB: JVNDB-2019-007668 // CNNVD: CNNVD-201908-544 // NVD: CVE-2019-1929

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-webex-player

Trust: 1.9

url: https://nvd.nist.gov/vuln/detail/cve-2019-1929

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1929

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2019.2994/

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-151721 // VULMON: CVE-2019-1929 // JVNDB: JVNDB-2019-007668 // CNNVD: CNNVD-201908-544 // NVD: CVE-2019-1929

CREDITS

Yici Wang and Kushal Arvind Shah of Fortinet’s FortiGuard Labs for reporting these vulnerabilities.

Trust: 0.6

sources: CNNVD: CNNVD-201908-544

SOURCES

db: VULHUB, id: VHN-151721
db: VULMON, id: CVE-2019-1929
db: JVNDB, id: JVNDB-2019-007668
db: CNNVD, id: CNNVD-201908-544
db: NVD, id: CVE-2019-1929

LAST UPDATE DATE

2024-11-23T21:36:58.266000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-151721, date: 2023-03-08T00:00:00
db: VULMON, id: CVE-2019-1929, date: 2023-03-08T00:00:00
db: JVNDB, id: JVNDB-2019-007668, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-544, date: 2019-08-19T00:00:00
db: NVD, id: CVE-2019-1929, date: 2024-11-21T04:37:42.450

SOURCES RELEASE DATE

db: VULHUB, id: VHN-151721, date: 2019-08-07T00:00:00
db: VULMON, id: CVE-2019-1929, date: 2019-08-07T00:00:00
db: JVNDB, id: JVNDB-2019-007668, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-544, date: 2019-08-07T00:00:00
db: NVD, id: CVE-2019-1929, date: 2019-08-07T22:15:15.790