CVE-2020-3194Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Webex Meetings

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-20Improper Input Validation5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.8%
top 26.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Cisco Webex MeetingsCisco Webex Meetings OnlineCisco Webex Meetings Server+2 more
Timeline
PublishedApr 15
Latest updateMay 24

Description

A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDcisco/webex_meetings39.539.5.18

🔴Vulnerability Details

2
GHSA
GHSA-46rf-9j25-mr47: A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to2022-05-24
CVEList
Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability2020-04-15

📋Vendor Advisories

1
Cisco
Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability2020-04-15

💬Community

1
Bugzilla
CVE-2020-14316 kubevirt: VMIs can be used to access host files2020-06-19
CVE-2020-3194 — Cisco Webex Meetings vulnerability | cvebase