CVE-2016-1415
published 2016-09-03CVE-2016-1415: Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted…
PriorityP428medium5.5CVSS 3.0
AVLACLPRNUIRSUCNINAH
EXPLOIT
EPSS
5.61%
91.9th percentile
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | webex_meetings_player | — | — |
| cisco | webex_wrf_player_t29 | — | — |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_cisco4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco WebEx Meetings Player Denial of Service Vulnerability
vendor_cisco·2016-08-31·CVSS 4.3
CVE-2016-1415 [MEDIUM] CWE-399 Cisco WebEx Meetings Player Denial of Service Vulnerability
Cisco WebEx Meetings Player Denial of Service Vulnerability
A vulnerability in Cisco WebEx Meetings Player could allow an unauthenticated, remote attacker to cause WebEx Meetings Player to crash.
The vulnerability is due to improper validation of user-supplied files. An attacker could exploit this vulnerability by persuading a user to open a malicious file by using the affected software. A successful exploit could allow the attacker to cause WebEx Meetings Player to crash.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-webex
Cisco
Cisco WebEx Meetings Player Denial of Service Vulnerability
vendor_cisco
CVE-2016-1415 Cisco WebEx Meetings Player Denial of Service Vulnerability
CVE-2016-1415: Cisco WebEx Meetings Player Denial of Service Vulnerability
A vulnerability in Cisco WebEx Meetings Player could allow an unauthenticated, remote attacker to cause WebEx Meetings Player to crash. The vulnerability is due to improper validation of user-supplied files. An attacker could exploit this vulnerability by persuading a user to open a malicious file by using the affected software. A successful exploit could allow the attacker to cause WebEx Meetings Player to crash. Cisco has released software updates that address this vulnerability.
CWE: CWE-399, CWE-399
Bug IDs: CSCuz80455
GHSA
GHSA-fqf4-wq7j-mqmv: Cisco WebEx Meetings Player T29
ghsa_unreviewed·2022-05-17
CVE-2016-1415 [MEDIUM] GHSA-fqf4-wq7j-mqmv: Cisco WebEx Meetings Player T29
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455.
No detection rules found.
No writeups or analysis indexed.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-webexhttp://www.securityfocus.com/bid/92711http://www.securitytracker.com/id/1036713https://www.exploit-db.com/exploits/40509/http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-webexhttp://www.securityfocus.com/bid/92711http://www.securitytracker.com/id/1036713https://www.exploit-db.com/exploits/40509/
2016-09-03
Published