CVE-2021-1502

CWE-119 — Buffer Overflow CWE-995 documents5 sources

Severity

7.8HIGH

EPSS

0.5%

top 36.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Network Recording Player Cisco Cisco Webex Meetings Cisco Webex Meetings Server +1 more

Timeline

PublishedJun 4

Latest updateMay 21

Description

A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit the vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDcisco/webex_network_recording_player< 41.5

▶NVDcisco/webex_teams3.0.15485.0

▶CVEListV5cisco/cisco_webex_meetingsn/a

▶NVDcisco/webex_meetings_server4.0

🔴Vulnerability Details

GHSA

GHSA-34qr-5fqg-cj38: A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to↗2022-05-24

▶

CVEList

Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability↗2021-06-04

▶

📋Vendor Advisories

Red Hat

kernel: mm/slub: actually fix freelist pointer vs redzoning↗2024-05-21

▶

Cisco

Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability↗2021-06-02

▶