Details of VAR-202006-1133

ID

VAR-202006-1133

CVE

CVE-2020-3319

TITLE

Microsoft Windows for Cisco Webex Network Recording Player and Webex Player Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006458

DESCRIPTION

A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3

Trust: 1.71

sources: NVD: CVE-2020-3319 // JVNDB: JVNDB-2020-006458 // VULHUB: VHN-181444

AFFECTED PRODUCTS

vendor:	cisco	model:	webex network recording player	scope:	lte	version:	3.0	Trust: 1.0
vendor:	cisco	model:	webex network recording player	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	webex player	scope:	lte	version:	3.0	Trust: 1.0
vendor:	cisco	model:	webex network recording player	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex player	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-006458 // NVD: CVE-2020-3319

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3319
value:	LOW
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3319
value:	LOW
Trust: 1.0
NVD:	JVNDB-2020-006458
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-202006-337
value:	LOW
Trust: 0.6
VULHUB:	VHN-181444
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-3319
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006458
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-181444
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3319
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	JVNDB-2020-006458
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181444 // JVNDB: JVNDB-2020-006458 // CNNVD: CNNVD-202006-337 // NVD: CVE-2020-3319 // NVD: CVE-2020-3319

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-181444 // JVNDB: JVNDB-2020-006458 // NVD: CVE-2020-3319

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-337

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-337

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006458

PATCH

title:

CSCvs98254

url:

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254

Trust: 0.8

sources: JVNDB: JVNDB-2020-006458

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3319	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-006458	Trust: 0.8
db:	CNNVD	id:	CNNVD-202006-337	Trust: 0.7
db:	VULHUB	id:	VHN-181444	Trust: 0.1

sources: VULHUB: VHN-181444 // JVNDB: JVNDB-2020-006458 // CNNVD: CNNVD-202006-337 // NVD: CVE-2020-3319

REFERENCES

url:	https://quickview.cloudapps.cisco.com/quickview/bug/cscvs98254	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3319	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3319	Trust: 0.8

sources: VULHUB: VHN-181444 // JVNDB: JVNDB-2020-006458 // CNNVD: CNNVD-202006-337 // NVD: CVE-2020-3319

SOURCES

db:	VULHUB	id:	VHN-181444
db:	JVNDB	id:	JVNDB-2020-006458
db:	CNNVD	id:	CNNVD-202006-337
db:	NVD	id:	CVE-2020-3319

LAST UPDATE DATE

2024-11-23T22:33:25.845000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181444	date:	2021-09-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-006458	date:	2020-07-09T00:00:00
db:	CNNVD	id:	CNNVD-202006-337	date:	2020-06-15T00:00:00
db:	NVD	id:	CVE-2020-3319	date:	2024-11-21T05:30:48.023

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181444	date:	2020-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-006458	date:	2020-07-09T00:00:00
db:	CNNVD	id:	CNNVD-202006-337	date:	2020-06-03T00:00:00
db:	NVD	id:	CVE-2020-3319	date:	2020-06-03T17:15:25.733