Vulnerability Name:

CVE-2018-0103 (CCN-137097)

Assigned: 2017-11-27
Published: 2018-01-03
Updated: 2019-10-09
Summary: A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839.
CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2018-0103

Source: BID
Type: Third Party Advisory, VDB Entry
102369

Source: CCN
Type: BID-102369
Cisco WebEx Network Recording Player CVE-2018-0103 Local Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
cisco-webex-cve20180103-bo(137097)

Source: CCN
Type: Cisco Security Advisory cisco-sa-20180103-wnrp
Cisco WebEx Network Recording Player Buffer Overflow Vulnerability

Source: CONFIRM
Type: Mitigation, Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-wnrp

Source: CCN
Type: ZDI-18-007
Cisco WebEx ARF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Vulnerable Configuration: Configuration 1:
  • cpe:/a:cisco:webex_business_suite:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:webex_meetings:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:webex_meetings_server:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:webex_network_recording_player:-:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:cisco:webex_network_recording_player:-:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    cisco webex business suite -
    cisco webex meetings -
    cisco webex meetings server -
    cisco webex network recording player -
    cisco webex network recording player -