CVE-2018-0379

CWE-119 — Buffer Overflow5 documents5 sources

Severity

7.8HIGH

EPSS

0.4%

top 38.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Business Suite Cisco Webex Meetings Online Cisco Webex Meeting Server

Timeline

PublishedJul 18

Latest updateMay 13

Description

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could allow arbitrary code execution on the system of a targeted user. These vulnerabilities affect ARF and WRF reco…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5cisco_webex_network_recording_players_unknownCisco Webex Network Recording Players unknown

▶NVDcisco/webex_meetings_online< 1.3.35+1

▶NVDcisco/webex_meeting_server3.0

▶NVDcisco/webex_business_suite32.0 — 32.15+7

🔴Vulnerability Details

GHSA

GHSA-w494-3p63-x3xx: Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files↗2022-05-13

▶

CVEList

CVE-2018-0379: Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files↗2018-07-18

▶

📋Vendor Advisories

Cisco

Cisco Webex Network Recording Players Remote Code Execution Vulnerabilities↗2018-07-18

▶

💬Community

Bugzilla

CVE-2018-0764 .NET Core: Improper processing of XML documents can cause a denial of service↗2018-01-12

▶