CVE-2017-12367Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Webex Meetings Server

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-20Improper Input ValidationCWE-125Out-of-bounds Read4 documents4 sources
Severity
9.6CRITICALNVD
EPSS
1.2%
top 20.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Webex Meetings Server
Timeline
PublishedNov 30
Latest updateMay 13

Description

A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. C

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages1 packages

NVDcisco/webex_meetings_servert29, t30, t31.11.2+2

🔴Vulnerability Details

2
GHSA
GHSA-64cr-34vr-ch4q: A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format2022-05-13
CVEList
CVE-2017-12367: A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format2017-11-30

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players2017-11-30
CVE-2017-12367 — Cisco vulnerability | cvebase