Vulnerability Details : CVE-2018-0287
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to a design flaw in the affected software. An attacker could exploit this vulnerability by sending a user an email attachment or link to a malicious ARF file and persuading the user to open the file or follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvh70213, CSCvh70222, CSCvh70228.
Vulnerability category: Input validationExecute code
Products affected by CVE-2018-0287
- cpe:2.3:a:cisco:webex_meetings_online:t30:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_online:t32.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0287
2.27%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0287
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2018-0287
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2018-0287
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-rce
Cisco WebEx Advanced Recording Format Player Remote Code Execution VulnerabilityVendor Advisory
-
http://www.securitytracker.com/id/1040824
Cisco WebEx Network Recording Player ARF File Processing Flaw Lets Remote Users Execute Arbitrary Code on the Target User's System - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/104128
Multiple Cisco WebEx Network Recording Players CVE-2018-0287 Remote Code Execution VulnerabilityThird Party Advisory;VDB Entry
Jump to