CVE-2018-0103

7.8HIGH

Key Information:

Vendor: Cisco
Status: Cisco Webex Network Recording Player
Vendor: CVE Published:; 4 January 2018

Summary

A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839.

Affected Version(s)

Cisco WebEx Network Recording Player Cisco WebEx Network Recording Player

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102369

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 4, 2018
Vulnerability Reserved
Nov 27, 2017