Skip to main content

Webex Meeting Center CVE-2017-12359

MEDIUM
Buffer Overflow (CWE-119)
2017-11-30 psirt@cisco.com
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 30, 2017 - 09:29 cve.org
MEDIUM 6.5

DescriptionCVE.org

A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could allow arbitrary code execution on the system of the targeted user. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCve10729, CSCve10771, CSCve10779, CSCve11521, CSCve11543.

AnalysisAI

A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could allow arbitrary code execution on the system of the targeted user. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCve10729, CSCve10771, CSCve10779, CSCve11521, CSCve11543. Affected products include: Cisco Webex Meeting Center, Cisco Webex Meetings Server.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2017-3823 HIGH POC
8.8 Feb 01

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta

CVE-2017-6753 HIGH
8.8 Jul 25

A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated,

CVE-2015-6360 HIGH
7.5 Apr 21

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via

CVE-2015-4208 HIGH
7.5 Jun 24

Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers

CVE-2016-1410 HIGH
7.5 May 28

Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username

CVE-2015-4209 MEDIUM
6.4 Jun 23

Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote at

CVE-2017-12366 MEDIUM
6.1 Nov 30

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site sc

CVE-2017-12298 MEDIUM
6.1 Oct 19

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site sc

CVE-2014-3311 MEDIUM
5.1 Jul 10

Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx

CVE-2017-12286 MEDIUM
5.5 Oct 19

A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profi

CVE-2017-3799 MEDIUM
5.4 Jan 26

A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perf

CVE-2019-15987 MEDIUM
5.3 Nov 26

A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center

Share

CVE-2017-12359 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy