Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0104

A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857.

Published

2018-01-04T06:29:00.387

Last Modified

2024-11-21T03:37:31.737

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.6 (CRITICAL)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	webex_business_suite	-	Yes
Application	cisco	webex_meetings	-	Yes
Application	cisco	webex_meetings_server	-	Yes
Application	cisco	webex_network_recording_player	-	Yes

References

http://www.securityfocus.com/bid/102382 Third Party Advisory, VDB Entry ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-warfp Mitigation, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/102382 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-warfp Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)