CVE-2018-0264

CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.6CRITICAL

EPSS

0.8%

top 25.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Business Suite 31 Cisco Webex Business Suite 32 Cisco Webex Meeting Server +1 more

Timeline

PublishedMay 2

Latest updateMay 13

Description

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerabi…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages5 packages

▶NVDcisco/webex_meeting_server< 3.0

▶NVDcisco/webex_business_suite_31< t32.12

▶NVDcisco/webex_business_suite_32< t31.23.4

▶CVEListV5cisco_webex_advanced_recording_format_file_playersCisco WebEx Advanced Recording Format file players

▶NVDcisco/webex_meetings< t32.12

🔴Vulnerability Details

GHSA

GHSA-qx7c-998c-pf6j: A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker↗2022-05-13

▶

CVEList

CVE-2018-0264: A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker↗2018-05-02

▶

📋Vendor Advisories

Cisco

Cisco WebEx Advanced Recording Format Remote Code Execution Vulnerability↗2018-05-02

▶