Details of VAR-202106-0900

ID

VAR-202106-0900

CVE

CVE-2021-1502

TITLE

Windows and MacOS for Cisco Webex Network Recording Player and Cisco Webex Player Buffer Error Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-007749

DESCRIPTION

A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit the vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-1502 // JVNDB: JVNDB-2021-007749 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374556

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings desktop	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	webex network recording player	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	webex network recording player	scope:	lt	version:	41.5	Trust: 1.0
vendor:	cisco	model:	webex teams	scope:	eq	version:	3.0.15485.0	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	webex meetings online	scope:	eq	version:	-	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco webex meetings online	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex teams	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex network recording player	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex meetings desktop	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex meetings server	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007749 // NVD: CVE-2021-1502

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1502
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1502
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1502
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-117
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374556
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1502
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-374556
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1502
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1502
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374556 // JVNDB: JVNDB-2021-007749 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-117 // NVD: CVE-2021-1502 // NVD: CVE-2021-1502

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.1
problemtype:	Buffer error (CWE-119) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374556 // JVNDB: JVNDB-2021-007749 // NVD: CVE-2021-1502

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-117

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:

cisco-sa-webex-player-dOJ2jOJ

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-dOJ2jOJ

Trust: 0.8

sources: JVNDB: JVNDB-2021-007749

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1502	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-007749	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021060214	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1909	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-117	Trust: 0.6
db:	VULHUB	id:	VHN-374556	Trust: 0.1

sources: VULHUB: VHN-374556 // JVNDB: JVNDB-2021-007749 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-117 // NVD: CVE-2021-1502

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-player-doj2joj	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1502	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1909	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060214	Trust: 0.6

sources: VULHUB: VHN-374556 // JVNDB: JVNDB-2021-007749 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-117 // NVD: CVE-2021-1502

SOURCES

db:	VULHUB	id:	VHN-374556
db:	JVNDB	id:	JVNDB-2021-007749
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-117
db:	NVD	id:	CVE-2021-1502

LAST UPDATE DATE

2024-08-14T13:01:57.739000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374556	date:	2021-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-007749	date:	2022-02-22T07:06:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-117	date:	2021-06-15T00:00:00
db:	NVD	id:	CVE-2021-1502	date:	2023-11-07T03:28:27.367

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374556	date:	2021-06-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-007749	date:	2022-02-22T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-117	date:	2021-06-02T00:00:00
db:	NVD	id:	CVE-2021-1502	date:	2021-06-04T17:15:08.097