CVE-2018-0379 Information

Description

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could allow arbitrary code execution on the system of a targeted user. These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites Cisco Webex Meetings Online sites and Cisco Webex Meetings Server. Cisco Bug IDs: CSCvi02621 CSCvi02965 CSCvi63329 CSCvi63333 CSCvi63335 CSCvi63374 CSCvi63376 CSCvi63377 CSCvi63391 CSCvi63392 CSCvi63396 CSCvi63495 CSCvi63497 CSCvi63498 CSCvi82684 CSCvi82700 CSCvi82705 CSCvi82725 CSCvi82737 CSCvi82742 CSCvi82760 CSCvi82771 CSCvj51284 CSCvj51294.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/104853 http://www.securitytracker.com/id/1041347 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-rce

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8