CVE-2019-1640Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Webex WRF Player

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.3%
top 46.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Webex WRF PlayerCisco Webex Meetings OnlineCisco Webex Meetings Server
Timeline
PublishedJan 23
Latest updateMay 13

Description

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDcisco/webex_meetings_online5 versions+4
NVDcisco/webex_meetings_server3.0mr2, t31+1

🔴Vulnerability Details

2
GHSA
GHSA-x34f-p7m4-2qx8: A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an atta2022-05-13
CVEList
Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities2019-01-23

📋Vendor Advisories

1
Cisco
Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities2019-01-23
CVE-2019-1640 — Cisco Webex WRF Player vulnerability | cvebase