CVE-2017-12368 Information

Feb 14, 2021 cve

Description

A \Cisco WebEx Network Recording Player Remote Code Execution Vulnerability\ exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and in some cases could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve10584 CSCve10591 CSCve11503 CSCve10658 CSCve11507 CSCve10749 CSCve10744 CSCve11532 CSCve10762 CSCve10764 CSCve11538.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/102017 http://www.securitytracker.com/id/1039895 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.6

Share on: