Design Flaw in Cisco WebEx WRF Player Exposes Sensitive User Data
CVE-2018-0288

5.3MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Webex Recording Format Player
Vendor
CVE Published:
2 May 2018

Summary

A design flaw in Cisco WebEx Recording Format (WRF) Player could be exploited by an unauthenticated attacker to access sensitive application data. By using a crafted file, attackers may bypass code checks and read memory outside the allocated bounds, potentially enabling further reconnaissance actions against the affected system. This vulnerability impacts various Cisco WebEx products, including Business Suite meeting sites and WRF players, making it crucial for users to assess their exposure and implement necessary security measures.

Affected Version(s)

Cisco WebEx Recording Format Player Cisco WebEx Recording Format Player

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104091
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040825
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.