Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-0264

Опубликовано: 02 мая 2018
Источник: nvd
CVSS3: 9.6
CVSS2: 6.8
EPSS Низкий

Описание

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. The following client builds of Cisco WebEx Business Suite (WBS31 and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4, Cisco WebEx Business Suite (WBS32) client builds prior to T32.12, Cisco WebEx Meetings with client builds prior to T32.12, Cisco WebEx Meeting Ser

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:webex_business_suite_31:*:*:*:*:*:*:*:*
Версия до t32.12 (исключая)
cpe:2.3:a:cisco:webex_business_suite_32:*:*:*:*:*:*:*:*
Версия до t31.23.4 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:cisco:webex_meeting_server:*:*:*:*:*:*:*:*
Версия до 3.0 (исключая)
cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*
Версия до t32.12 (исключая)

EPSS

Процентиль: 74%
0.00836
Низкий

9.6 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20
CWE-20

Связанные уязвимости

github логотип

GHSA-qx7c-998c-pf6j

CVSS3: 9.6
github
больше 3 лет назад

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. The following client builds of Cisco WebEx Business Suite (WBS31 and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4, Cisco WebEx Business Suite (WBS32) client builds prior to T32.12, Cisco WebEx Meetings with client builds prior to T32.12, Cisco WebEx Meeting ...

fstec логотип

BDU:2018-00651

CVSS3: 9.6
fstec
почти 8 лет назад

Уязвимость механизма воспроизведения записей веб-конференций программного обеспечения для веб-конференцсвязи Cisco WebEx Business Suite, WebEx Meetings, Cisco WebEx Meetings Server, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 74%
0.00836
Низкий

9.6 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20
CWE-20