CVE-2014-2136

CWE-119Buffer OverflowCWE-20Improper Input Validation5 documents5 sources
Severity
9.3CRITICAL
EPSS
4.3%
top 11.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex Advanced Recording Format PlayerCisco Webex Recording Format Player
Timeline
PublishedMay 8
Latest updateMay 17

Description

Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-mggp-6396-grv7: Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T282022-05-17
CVEList
CVE-2014-2136: Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T282014-05-08

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players2014-05-07
CVE-2014-2136 (CRITICAL CVSS 9.3) | Buffer overflow in Cisco Advanced R | cvebase.io