CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-0380
https://notcve.org/view.php?id=CVE-2018-0380
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could cause an affected player to crash, resulting in a denial of service (DoS) condition. The Cisco Webex players are applications that are used to play back Webex meetings that have been recorded by an online meeting attendee. The Webex Network Recording Player for .arf files can be automatically installed when the user accesses a recording that is hosted on a Webex server. • http://www.securityfocus.com/bid/104880 http://www.securitytracker.com/id/1041351 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-dos • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0387
https://notcve.org/view.php?id=CVE-2018-0387
A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability by sending a user a malicious link and persuading the user to follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. Cisco Bug IDs: CSCvh66250. • http://www.securityfocus.com/bid/104873 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-teams-rce • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2018-0379 – Cisco WebEx Recorder and Player ATDL2006 Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-0379
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could allow arbitrary code execution on the system of a targeted user. These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server. Cisco Bug IDs: CSCvi02621, CSCvi02965, CSCvi63329, CSCvi63333, CSCvi63335, CSCvi63374, CSCvi63376, CSCvi63377, CSCvi63391, CSCvi63392, CSCvi63396, CSCvi63495, CSCvi63497, CSCvi63498, CSCvi82684, CSCvi82700, CSCvi82705, CSCvi82725, CSCvi82737, CSCvi82742, CSCvi82760, CSCvi82771, CSCvj51284, CSCvj51294. • http://www.securityfocus.com/bid/104853 http://www.securitytracker.com/id/1041347 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-rce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0390
https://notcve.org/view.php?id=CVE-2018-0390
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software by using the HTTP POST method. An attacker who can submit malicious scripts to the affected user interface element could execute arbitrary script or HTML code in the user's browser in the context of the affected site. Cisco Bug IDs: CSCvj33287. Una vulnerabilidad en el framework web de Cisco WebEx podría permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Site Scripting (XSS) basado en DOM (Document Object Model) contra un usuario de dicha interfaz en el sistema afectado. • http://www.securityfocus.com/bid/104865 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-DOM-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0357
https://notcve.org/view.php?id=CVE-2018-0357
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvi71274. Una vulnerabilidad en el framework web de Cisco WebEx podría permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de dicha interfaz en el sistema afectado. • http://www.securityfocus.com/bid/104420 http://www.securitytracker.com/id/1041063 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-webex-xss1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •