ID

VAR-202003-1181


CVE

CVE-2020-3128


TITLE

Input validation vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows

Trust: 0.8

sources: JVNDB: JVNDB-2020-002444

DESCRIPTION

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. The affected system may also be put into a denial-of-service (DoS) state. The following products and versions are affected: Webex Network Recording Player: releases earlier than WBS 39.5.17 (Cisco Webex Meetings), releases earlier than WBS 39.11.0 (Cisco Webex Meetings), releases earlier than 1.3.49 (Cisco Webex Meetings Online), Release 3.0MR3 prior to SecurityPatch1 (Cisco Webex Meetings Server), and releases prior to 4.0MR2SecurityPatch2 (Cisco Webex Meetings Server); Webex Player: releases earlier than WBS 39.5.17 (Cisco Webex Meetings), releases earlier than WBS 39.11.0 (Cisco Webex Meetings), and releases earlier than 1.3.49 (Cisco Webex Meetings Online).

Trust: 1.71

sources: NVD: CVE-2020-3128 // JVNDB: JVNDB-2020-002444 // VULHUB: VHN-181253

AFFECTED PRODUCTS

vendor: cisco // model: webex meetings online // scope: lt // version: 1.3.49

Trust: 1.0

vendor: cisco // model: webex network recording player // scope: lt // version: 39.5.17

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: lt // version: 3.0

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: eq // version: 4.0

Trust: 1.0

vendor: cisco // model: webex network recording player // scope: lt // version: 39.11.0

Trust: 1.0

vendor: cisco // model: webex meetings // scope: lt // version: 39.5.17

Trust: 1.0

vendor: cisco // model: webex meetings // scope: gte // version: 39.5

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: eq // version: 3.0

Trust: 1.0

vendor: cisco // model: webex meetings // scope: - // version: -

Trust: 0.8

vendor: cisco // model: webex meetings online // scope: - // version: -

Trust: 0.8

vendor: cisco // model: webex meetings server // scope: - // version: -

Trust: 0.8

vendor: cisco // model: webex network recording player // scope: - // version: -

Trust: 0.8

vendor: cisco // model: webex meetings server // scope: eq // version: 1.5

Trust: 0.6

vendor: cisco // model: webex meetings server // scope: eq // version: 2.0

Trust: 0.6

vendor: cisco // model: webex meetings online // scope: eq // version: 1.3.42

Trust: 0.6

vendor: cisco // model: webex meetings // scope: eq // version: 39.5

Trust: 0.6

vendor: cisco // model: webex meetings online // scope: eq // version: 1.3.39

Trust: 0.6

vendor: cisco // model: webex meetings online // scope: eq // version: -

Trust: 0.6

vendor: cisco // model: webex meetings server // scope: eq // version: 1.0

Trust: 0.6

vendor: cisco // model: webex meetings online // scope: eq // version: 1.3.37

Trust: 0.6

vendor: cisco // model: webex meetings server // scope: eq // version: 1.1

Trust: 0.6

vendor: cisco // model: webex meetings online // scope: eq // version: 1.3.38

sources: JVNDB: JVNDB-2020-002444 // CNNVD: CNNVD-202003-177 // NVD: CVE-2020-3128

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3128
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3128
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002444
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-177
value: HIGH

Trust: 0.6

VULHUB: VHN-181253
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3128
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002444
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181253
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3128
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3128
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-002444
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181253 // JVNDB: JVNDB-2020-002444 // CNNVD: CNNVD-202003-177 // NVD: CVE-2020-3128 // NVD: CVE-2020-3128

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-181253 // JVNDB: JVNDB-2020-002444 // NVD: CVE-2020-3128

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-177

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202003-177

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002444

PATCH

title: cisco-sa-20200304-webex-player // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player

Trust: 0.8

title: Fix for the input validation error vulnerability in Cisco Webex Network Recording Player and Webex Player // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111112

Trust: 0.6

sources: JVNDB: JVNDB-2020-002444 // CNNVD: CNNVD-202003-177

EXTERNAL IDS

db: NVD // id: CVE-2020-3128

Trust: 2.5

db: JVNDB // id: JVNDB-2020-002444

Trust: 0.8

db: CNNVD // id: CNNVD-202003-177

Trust: 0.7

db: AUSCERT // id: ESB-2020.0811

Trust: 0.6

db: VULHUB // id: VHN-181253

Trust: 0.1

sources: VULHUB: VHN-181253 // JVNDB: JVNDB-2020-002444 // CNNVD: CNNVD-202003-177 // NVD: CVE-2020-3128

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200304-webex-player

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3128

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3128

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0811/

Trust: 0.6

sources: VULHUB: VHN-181253 // JVNDB: JVNDB-2020-002444 // CNNVD: CNNVD-202003-177 // NVD: CVE-2020-3128

SOURCES

db: VULHUB // id: VHN-181253
db: JVNDB // id: JVNDB-2020-002444
db: CNNVD // id: CNNVD-202003-177
db: NVD // id: CVE-2020-3128

LAST UPDATE DATE

2024-11-23T22:29:41.182000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-181253 // date: 2020-03-05T00:00:00
db: JVNDB // id: JVNDB-2020-002444 // date: 2020-03-16T00:00:00
db: CNNVD // id: CNNVD-202003-177 // date: 2020-03-13T00:00:00
db: NVD // id: CVE-2020-3128 // date: 2024-11-21T05:30:23.040

SOURCES RELEASE DATE

db: VULHUB // id: VHN-181253 // date: 2020-03-04T00:00:00
db: JVNDB // id: JVNDB-2020-002444 // date: 2020-03-16T00:00:00
db: CNNVD // id: CNNVD-202003-177 // date: 2020-03-04T00:00:00
db: NVD // id: CVE-2020-3128 // date: 2020-03-04T19:15:12.477