CVE-2018-0112

EPSS 1.32%
Veröffentlicht 19.04.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 03:37:32
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client. Exploitation of this vulnerability could allow arbitrary code execution on the system of a targeted user. This affects the clients installed by customers when accessing a WebEx meeting. The following client builds of Cisco WebEx Business Suite (WBS30, WBS31, and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are impacted: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.2, Cisco WebEx Business Suite (WBS32) client builds prior to T32.10, Cisco WebEx Meetings with client builds prior to T32.10, Cisco WebEx Meetings Server builds prior to 2.8 MR2. Cisco Bug IDs: CSCvg19384, CSCvi10746.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Webex Meetings Server Version2.7

Cisco ≫ Webex Meetings Server Version2.8

Cisco ≫ Webex Meetings Server Version3.0

Cisco ≫ Webex Meetings Versiont31

Cisco ≫ Webex Meetings Versiont31 Updatesp11

Cisco ≫ Webex Business Suite 31 Version < t31.23.2

Cisco ≫ Webex Business Suite 32 Version < t32.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.32%	0.79

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9	2.3	6	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
nvd@nist.gov	6	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/103920

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1040709

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0112

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0112

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0112

EUVD