CVE-2018-0288Sensitive Information Exposure in Cisco Webex Meetings Online

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.5%
top 32.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Webex Meetings Online
Timeline
PublishedMay 2
Latest updateMay 13

Description

A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WRF Player. An attacker could exploit this vulnerability by utilizing a maliciously crafted file that could bypass checks in the code and enable an attacker to read memory from outs

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDcisco/webex_meetings_onlinet31.20, t31.20.2+1

🔴Vulnerability Details

2
GHSA
GHSA-5jq6-86p2-28gg: A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the applic2022-05-13
CVEList
CVE-2018-0288: A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the applic2018-05-02

📋Vendor Advisories

1
Cisco
Cisco WebEx Recording Format Player Information Disclosure Vulnerability2018-05-02
CVE-2018-0288 — Sensitive Information Exposure in Cisco | cvebase