| Vulnerability Name: | CVE-2018-0379 (CCN-146719) | ||||||||||||
| Assigned: | 2017-11-27 | ||||||||||||
| Published: | 2018-07-18 | ||||||||||||
| Updated: | 2019-10-09 | ||||||||||||
| Summary: | Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could allow arbitrary code execution on the system of a targeted user. These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server. Cisco Bug IDs: CSCvi02621, CSCvi02965, CSCvi63329, CSCvi63333, CSCvi63335, CSCvi63374, CSCvi63376, CSCvi63377, CSCvi63391, CSCvi63392, CSCvi63396, CSCvi63495, CSCvi63497, CSCvi63498, CSCvi82684, CSCvi82700, CSCvi82705, CSCvi82725, CSCvi82737, CSCvi82742, CSCvi82760, CSCvi82771, CSCvj51284, CSCvj51294. | ||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-119 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-0379 Source: BID Type: Third Party Advisory, VDB Entry 104853 Source: CCN Type: BID-104853 Multiple Cisco WebEx Network Recording Players Multiple Remote Code Execution Vulnerabilities Source: SECTRACK Type: Third Party Advisory, VDB Entry 1041347 Source: XF Type: UNKNOWN cisco-cve20180379-code-exec(146719) Source: CCN Type: Cisco Security Advisory cisco-sa-20180718-webex-rce Cisco Webex Network Recording Players Remote Code Execution Vulnerabilities Source: CONFIRM Type: Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-rce Source: CCN Type: ZDI-18-425 Cisco WebEx Recorder and Player WRF File Length Field Out-Of-Bounds Read Information Disclosure Vulnerability Source: CCN Type: ZDI-18-967 Cisco WebEx Recorder and Player WRF File Heap-based Buffer Overflow Vulnerability Source: CCN Type: ZDI-18-968 Cisco WebEx Network Recording Player ARF File Heap-based Buffer Overflow Remote Code Execution Vulnerability Source: CCN Type: ZDI-18-969 Cisco WebEx Network Recording Player ARF File Uninitialized Pointer Remote Code Execution Vulnerability Source: CCN Type: ZDI-18-970 Cisco WebEx Network Recording Player ATPDMOD Heap-based Buffer Overflow Remote Code Execution Vulnerability Source: CCN Type: ZDI-18-971 Cisco WebEx Network Recording Player ATJPEG60 Stack-based Buffer Overflow Remote Code Execution Vulnerability Source: CCN Type: ZDI-18-972 Cisco WebEx Network Recording Player ATPACK Decompression Heap-based Buffer Overflow Remote Code Execution Vulnerability Source: CCN Type: ZDI-18-973 Cisco WebEx Network Recording Player NBRQA Integer Overflow Remote Code Execution Vulnerability Source: CCN Type: ZDI-18-974 Cisco WebEx Network Recording Player NBRQA Integer Overflow Remote Code Execution Vulnerability Source: CCN Type: ZDI-18-975 Cisco WebEx Network Recording Player NBRQA Integer Overflow Remote Code Execution Vulnerability Source: CCN Type: ZDI-18-976 Cisco WebEx Network Recording Player NBRQA Integer Overflow Remote Code Execution Vulnerability Source: CCN Type: ZDI-18-977 Cisco WebEx Network Recording Player NBRQA Integer Overflow Remote Code Execution Vulnerability | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||