ID

VAR-202106-0915


CVE

CVE-2021-1526


TITLE

Out-of-bounds Vulnerability in Cisco Webex Player for Windows and MacOS

Trust: 0.8

sources: JVNDB: JVNDB-2021-008099

DESCRIPTION

A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco Webex Network Webex Player is a player used by Cisco to play video conference records.

Trust: 2.25

sources: NVD: CVE-2021-1526 // JVNDB: JVNDB-2021-008099 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374580

AFFECTED PRODUCTS

vendor: cisco, model: webex player, scope: lt, version: 41.5

Trust: 1.0

vendor: Cisco Systems, model: cisco webex player, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco webex player, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-008099 // NVD: CVE-2021-1526

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1526
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1526
value: HIGH

Trust: 1.0

NVD: CVE-2021-1526
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-119
value: HIGH

Trust: 0.6

VULHUB: VHN-374580
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1526
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374580
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1526
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-1526
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374580 // JVNDB: JVNDB-2021-008099 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-119 // NVD: CVE-2021-1526 // NVD: CVE-2021-1526

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 1.0

problemtype:Out-of-bounds write (CWE-787) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-374580 // JVNDB: JVNDB-2021-008099 // NVD: CVE-2021-1526

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: cisco-sa-webex-player-kOf8zVT
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-kOf8zVT

Trust: 0.8

sources: JVNDB: JVNDB-2021-008099

EXTERNAL IDS

db: NVD, id: CVE-2021-1526

Trust: 3.3

db: JVNDB, id: JVNDB-2021-008099

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021060214

Trust: 0.6

db: AUSCERT, id: ESB-2021.1908

Trust: 0.6

db: CNNVD, id: CNNVD-202106-119

Trust: 0.6

db: VULHUB, id: VHN-374580

Trust: 0.1

sources: VULHUB: VHN-374580 // JVNDB: JVNDB-2021-008099 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-119 // NVD: CVE-2021-1526

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-player-kof8zvt

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-1526

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1908

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060214

Trust: 0.6

sources: VULHUB: VHN-374580 // JVNDB: JVNDB-2021-008099 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-119 // NVD: CVE-2021-1526

SOURCES

db: VULHUB, id: VHN-374580
db: JVNDB, id: JVNDB-2021-008099
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202106-119
db: NVD, id: CVE-2021-1526

LAST UPDATE DATE

2024-08-14T12:16:16.258000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374580, date: 2021-06-21T00:00:00
db: JVNDB, id: JVNDB-2021-008099, date: 2022-03-03T08:56:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202106-119, date: 2021-06-03T00:00:00
db: NVD, id: CVE-2021-1526, date: 2023-11-07T03:28:31.980

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374580, date: 2021-06-04T00:00:00
db: JVNDB, id: JVNDB-2021-008099, date: 2022-03-03T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202106-119, date: 2021-06-02T00:00:00
db: NVD, id: CVE-2021-1526, date: 2021-06-04T17:15:08.660