Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2018-15419
Analyzed
More InfoOfficial Page
Source-ykramarz@cisco.com
View Known Exploited Vulnerability (KEV) details
Published At-05 Oct, 2018 | 14:29
Updated At-16 Sep, 2020 | 14:17

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Cisco Systems, Inc.
cisco
>>webex_meetings_online>>Versions before 1.3.38(exclusive)
cpe:2.3:a:cisco:webex_meetings_online:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.5
cpe:2.3:a:cisco:webex_meetings_server:2.5:maintenance_release2_patch1:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.5
cpe:2.3:a:cisco:webex_meetings_server:2.5:maintenance_release5_patch1:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.5
cpe:2.3:a:cisco:webex_meetings_server:2.5:maintenance_release6_patch2:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.5
cpe:2.3:a:cisco:webex_meetings_server:2.5:maintenance_release6_patch3:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.5
cpe:2.3:a:cisco:webex_meetings_server:2.5:maintenance_release6_patch4:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.5.1.29
cpe:2.3:a:cisco:webex_meetings_server:2.5.1.29:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.6
cpe:2.3:a:cisco:webex_meetings_server:2.6:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.6
cpe:2.3:a:cisco:webex_meetings_server:2.6:maintenance_release1_patch1:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.6
cpe:2.3:a:cisco:webex_meetings_server:2.6:maintenance_release2_patch1:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.6
cpe:2.3:a:cisco:webex_meetings_server:2.6:maintenance_release3_patch1:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.6
cpe:2.3:a:cisco:webex_meetings_server:2.6:maintenance_release3_patch2:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.7
cpe:2.3:a:cisco:webex_meetings_server:2.7:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.7
cpe:2.3:a:cisco:webex_meetings_server:2.7:base:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.7
cpe:2.3:a:cisco:webex_meetings_server:2.7:maintenance_release1_patch1:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.7
cpe:2.3:a:cisco:webex_meetings_server:2.7:maintenance_release2_patch1:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.7.1
cpe:2.3:a:cisco:webex_meetings_server:2.7.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.8
cpe:2.3:a:cisco:webex_meetings_server:2.8:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_meetings_server>>2.8
cpe:2.3:a:cisco:webex_meetings_server:2.8:base:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_business_suite_32>>Versions before 32.15.30(exclusive)
cpe:2.3:a:cisco:webex_business_suite_32:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>webex_business_suite_33>>Versions before 33.3(exclusive)
cpe:2.3:a:cisco:webex_business_suite_33:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-20Secondaryykramarz@cisco.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/105520ykramarz@cisco.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041795ykramarz@cisco.com
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rceykramarz@cisco.com
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/105520
Source: ykramarz@cisco.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1041795
Source: ykramarz@cisco.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce
Source: ykramarz@cisco.com
Resource:
Vendor Advisory
Change History
0Changes found
Details not found