CVE-2018-0380

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could cause an affected player to crash, resulting in a denial of service (DoS) condition. The Cisco Webex players are applications that are used to play back Webex meetings that have been recorded by an online meeting attendee. The Webex Network Recording Player for .arf files can be automatically installed when the user accesses a recording that is hosted on a Webex server. The Webex Player for .wrf files can be downloaded manually. These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server. Cisco Bug IDs: CSCvh70253, CSCvh70268, CSCvh72272, CSCvh72281, CSCvh72285, CSCvi60477, CSCvi60485, CSCvi60490, CSCvi60520, CSCvi60529, CSCvi60533.

Existen múltiples vulnerabilidades en Cisco Webex Network Recording Player para los archivos Advanced Recording Format (ARF) y Webex Recording Format (WRF). Un atacante podría explotar esta vulnerabilidad proporcionando a un usuario un archivo .arf o .wrf por email o URL y convenciendo a ese usuario para que ejecute ese archivo en las grabadoras Webex. La explotación de estas vulnerabilidades podría provocar que el reproductor afectado se reinicie, provocando una denegación de servicio (DoS). Los reproductores Cisco Webex son aplicaciones que se emplean para reproducir reuniones Webex que han sido grabadas por un asistente a la reunión online. Webex Network Recording Player para archivos .arf puede instalarse automáticamente cuando el usuario accede a una grabación alojada en un servidor Webex. Webex Player para .wrf puede descargarse manualmente. Estas vulnerabilidades afectan a las grabadoras ARF y WRF disponibles desde los sitios Cisco Webex Meetings Suite, Cisco Webex Meetings Online y Cisco Webex Meetings Server. Cisco Bug IDs: CSCvh70253, CSCvh70268, CSCvh72272, CSCvh72281, CSCvh72285, CSCvi60477, CSCvi60485, CSCvi60490, CSCvi60520, CSCvi60529, CSCvi60533.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-07-18 CVE Published
2024-03-06 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/104880	Third Party Advisory
http://www.securitytracker.com/id/1041351	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-dos	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Webex Meetings Online Search vendor "Cisco" for product "Webex Meetings Online"				t30 Search vendor "Cisco" for product "Webex Meetings Online" and version "t30"		-		Affected
Cisco Search vendor "Cisco"		Webex Meetings Online Search vendor "Cisco" for product "Webex Meetings Online"				t31 Search vendor "Cisco" for product "Webex Meetings Online" and version "t31"		-		Affected
Cisco Search vendor "Cisco"		Webex Meetings Online Search vendor "Cisco" for product "Webex Meetings Online"				t31.20 Search vendor "Cisco" for product "Webex Meetings Online" and version "t31.20"		-		Affected
Cisco Search vendor "Cisco"		Webex Meetings Online Search vendor "Cisco" for product "Webex Meetings Online"				t31.23 Search vendor "Cisco" for product "Webex Meetings Online" and version "t31.23"		-		Affected
Cisco Search vendor "Cisco"		Webex Meetings Online Search vendor "Cisco" for product "Webex Meetings Online"				t31.23.2 Search vendor "Cisco" for product "Webex Meetings Online" and version "t31.23.2"		-		Affected