ID

VAR-202004-1243


CVE

CVE-2020-3194


TITLE

Buffer error vulnerability in Cisco Webex Network Recording Player and Webex Player for Microsoft Windows

Trust: 0.8

sources: JVNDB: JVNDB-2020-004771

DESCRIPTION

A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements within a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. The affected system may also be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2020-3194 // JVNDB: JVNDB-2020-004771 // VULHUB: VHN-181319

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings, scope: lt, version: 39.5.18

Trust: 1.0

vendor: cisco, model: webex network recording player, scope: lt, version: 39.5.18

Trust: 1.0

vendor: cisco, model: webex meetings server, scope: eq, version: 4.0

Trust: 1.0

vendor: cisco, model: webex network recording player, scope: lt, version: 40.2

Trust: 1.0

vendor: cisco, model: webex meetings online, scope: lt, version: 1.3.48

Trust: 1.0

vendor: cisco, model: webex meetings server, scope: lt, version: 4.0

Trust: 1.0

vendor: cisco, model: webex meetings, scope: gte, version: 39.5

Trust: 1.0

vendor: cisco, model: webex meetings, scope: -, version: -

Trust: 0.8

vendor: cisco, model: webex meetings online, scope: -, version: -

Trust: 0.8

vendor: cisco, model: webex meetings server, scope: -, version: -

Trust: 0.8

vendor: cisco, model: webex network recording player, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-004771 // NVD: CVE-2020-3194

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3194
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3194
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004771
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-1104
value: HIGH

Trust: 0.6

VULHUB: VHN-181319
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3194
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004771
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181319
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3194
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3194
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-004771
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181319 // JVNDB: JVNDB-2020-004771 // CNNVD: CNNVD-202004-1104 // NVD: CVE-2020-3194 // NVD: CVE-2020-3194

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

problemtype: CWE-20

Trust: 1.1

sources: VULHUB: VHN-181319 // JVNDB: JVNDB-2020-004771 // NVD: CVE-2020-3194

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1104

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1104

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004771

PATCH

title: cisco-sa-webex-player-Q7Rtgvby, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby

Trust: 0.8

title: Cisco Webex Network Recording Player and Webex Player Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114629

Trust: 0.6

sources: JVNDB: JVNDB-2020-004771 // CNNVD: CNNVD-202004-1104

EXTERNAL IDS

db: NVD, id: CVE-2020-3194

Trust: 2.5

db: JVNDB, id: JVNDB-2020-004771

Trust: 0.8

db: CNNVD, id: CNNVD-202004-1104

Trust: 0.7

db: AUSCERT, id: ESB-2020.1325

Trust: 0.6

db: AUSCERT, id: ESB-2020.1325.2

Trust: 0.6

db: CNVD, id: CNVD-2020-25344

Trust: 0.1

db: VULHUB, id: VHN-181319

Trust: 0.1

sources: VULHUB: VHN-181319 // JVNDB: JVNDB-2020-004771 // CNNVD: CNNVD-202004-1104 // NVD: CVE-2020-3194

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-player-q7rtgvby

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2020-3194

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3194

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.1325/

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.1325.2/

Trust: 0.6

sources: VULHUB: VHN-181319 // JVNDB: JVNDB-2020-004771 // CNNVD: CNNVD-202004-1104 // NVD: CVE-2020-3194

SOURCES

db: VULHUB, id: VHN-181319
db: JVNDB, id: JVNDB-2020-004771
db: CNNVD, id: CNNVD-202004-1104
db: NVD, id: CVE-2020-3194

LAST UPDATE DATE

2024-11-23T23:07:58.861000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181319, date: 2021-08-12T00:00:00
db: JVNDB, id: JVNDB-2020-004771, date: 2020-05-27T00:00:00
db: CNNVD, id: CNNVD-202004-1104, date: 2021-08-13T00:00:00
db: NVD, id: CVE-2020-3194, date: 2024-11-21T05:30:31.370

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181319, date: 2020-04-15T00:00:00
db: JVNDB, id: JVNDB-2020-004771, date: 2020-05-27T00:00:00
db: CNNVD, id: CNNVD-202004-1104, date: 2020-04-15T00:00:00
db: NVD, id: CVE-2020-3194, date: 2020-04-15T21:15:35.340