CVE-2021-1527

CWE-119Buffer OverflowCWE-787Out-of-bounds Write4 documents4 sources
Severity
6.1MEDIUM
EPSS
0.5%
top 32.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex PlayerCisco Cisco Webex Meetings
Timeline
PublishedJun 4
Latest updateMay 24

Description

A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the vulnerable application. The vulnerability is due to insufficient validation of values in Webex recording files that are stored in Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a malicious WRF file to a user as a link or email attachment and then persuading the us

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

NVDcisco/webex_player< 41.5

🔴Vulnerability Details

2
GHSA
GHSA-rq38-43xh-2f3p: A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to m2022-05-24
CVEList
Cisco Webex Player Memory Corruption Vulnerability2021-06-04

📋Vendor Advisories

1
Cisco
Cisco Webex Player Memory Corruption Vulnerability2021-06-02
CVE-2021-1527 (MEDIUM CVSS 6.1) | A vulnerability in Cisco Webex Play | cvebase.io