Vulnerability Details : CVE-2017-12367
A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve11545, CSCve02843, CSCve11548.
Vulnerability category: Overflow, Input validation, Denial of service
Products affected by CVE-2017-12367
- cpe:2.3:a:cisco:webex_meetings_server:t30:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:t29:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:t31.11.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-12367
- 1.93%: probability of exploitation activity in the next 30 days
- ~87%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-12367
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
| 9.6 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 2.8 | 6.0 | NIST | |
CWE ids for CVE-2017-12367
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2017-12367
- http://www.securityfocus.com/bid/102017
  Multiple Cisco WebEx Products Multiple Security Vulnerabilities (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1039895
  Cisco WebEx Player Multiple File Processing Flaws Let Remote Users Deny Service and Execute Arbitrary Code - SecurityTracker (Third Party Advisory; VDB Entry)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players
  Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players (Vendor Advisory)