ID

VAR-202106-0901


CVE

CVE-2021-1503


TITLE

Out-of-bounds write vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player

Trust: 0.8

sources: JVNDB: JVNDB-2021-012350

DESCRIPTION

A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. (DoS) It may be in a state.

Trust: 2.25

sources: NVD: CVE-2021-1503 // JVNDB: JVNDB-2021-012350 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374557

AFFECTED PRODUCTS

vendor: cisco, model: webex player, scope: lt, version: 41.2

Trust: 1.0

vendor: cisco, model: webex meetings server, scope: eq, version: 4.0

Trust: 1.0

vendor: Cisco Systems, model: cisco webex meetings server, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco webex player, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-012350 // NVD: CVE-2021-1503

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1503
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1503
value: HIGH

Trust: 1.0

NVD: CVE-2021-1503
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-118
value: HIGH

Trust: 0.6

VULHUB: VHN-374557
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1503
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374557
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1503
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-1503
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374557 // JVNDB: JVNDB-2021-012350 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-118 // NVD: CVE-2021-1503 // NVD: CVE-2021-1503

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.1

problemtype: CWE-119

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-374557 // JVNDB: JVNDB-2021-012350 // NVD: CVE-2021-1503

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-118

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: cisco-sa-webex-player-rCFDeVj2, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-rCFDeVj2

Trust: 0.8

sources: JVNDB: JVNDB-2021-012350

EXTERNAL IDS

db: NVD, id: CVE-2021-1503

Trust: 3.3

db: JVNDB, id: JVNDB-2021-012350

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021060214

Trust: 0.6

db: AUSCERT, id: ESB-2021.1909

Trust: 0.6

db: CNNVD, id: CNNVD-202106-118

Trust: 0.6

db: VULHUB, id: VHN-374557

Trust: 0.1

sources: VULHUB: VHN-374557 // JVNDB: JVNDB-2021-012350 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-118 // NVD: CVE-2021-1503

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-player-rcfdevj2

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-1503

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1909

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060214

Trust: 0.6

sources: VULHUB: VHN-374557 // JVNDB: JVNDB-2021-012350 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-118 // NVD: CVE-2021-1503

SOURCES

db: VULHUB, id: VHN-374557
db: JVNDB, id: JVNDB-2021-012350
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202106-118
db: NVD, id: CVE-2021-1503

LAST UPDATE DATE

2024-08-14T12:55:26.307000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374557, date: 2021-06-15T00:00:00
db: JVNDB, id: JVNDB-2021-012350, date: 2022-08-30T03:06:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202106-118, date: 2021-06-16T00:00:00
db: NVD, id: CVE-2021-1503, date: 2023-11-07T03:28:27.640

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374557, date: 2021-06-04T00:00:00
db: JVNDB, id: JVNDB-2021-012350, date: 2022-08-30T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202106-118, date: 2021-06-02T00:00:00
db: NVD, id: CVE-2021-1503, date: 2021-06-04T17:15:08.277