CVE-2018-15421

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ciscoCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
ciscowebex_meetings_online
𝑥
< 1.3.37
ciscowebex_meetings_server
2.5:maintenance_release2_patch1
ciscowebex_meetings_server
2.5:maintenance_release5_patch1
ciscowebex_meetings_server
2.5:maintenance_release6_patch2
ciscowebex_meetings_server
2.5:maintenance_release6_patch3
ciscowebex_meetings_server
2.5:maintenance_release6_patch4
ciscowebex_meetings_server
2.5.1.29
ciscowebex_meetings_server
2.6
ciscowebex_meetings_server
2.6:maintenance_release1_patch1
ciscowebex_meetings_server
2.6:maintenance_release2_patch1
ciscowebex_meetings_server
2.6:maintenance_release3_patch1
ciscowebex_meetings_server
2.6:maintenance_release3_patch2
ciscowebex_meetings_server
2.7
ciscowebex_meetings_server
2.7:base
ciscowebex_meetings_server
2.7:maintenance_release1_patch1
ciscowebex_meetings_server
2.7:maintenance_release2_patch1
ciscowebex_meetings_server
2.7.1
ciscowebex_meetings_server
2.8
ciscowebex_meetings_server
2.8:base
ciscowebex_business_suite_32
𝑥
< 32.15.10
ciscowebex_business_suite_33
𝑥
< 33.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105374
http://www.securitytracker.com/id/1041689
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex
http://www.securityfocus.com/bid/105374
http://www.securitytracker.com/id/1041689
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex