CVE-2017-12372Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Webex Meetings

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds ReadCWE-20Improper Input Validation4 documents4 sources
Severity
9.6CRITICALNVD
EPSS
2.2%
top 15.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex MeetingsCisco Webex Meetings Server
Timeline
PublishedNov 30
Latest updateMay 13

Description

A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted use

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages2 packages

NVDcisco/webex_meetingst29, t30, t31.11.2+2

🔴Vulnerability Details

2
GHSA
GHSA-mjw9-984c-83g9: A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording For2022-05-13
CVEList
CVE-2017-12372: A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording For2017-11-30

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players2017-11-30
CVE-2017-12372 — Cisco Webex Meetings vulnerability | cvebase