CVE-2018-0457 - OpenCVE

A vulnerability in the Cisco Webex Player for Webex Recording Format (WRF) files could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a user a link or email attachment with a malicious WRF file and persuading the user to open the file in the Cisco Webex Player. A successful exploit could cause the affected player to crash, resulting in a DoS condition. For more information about this vulnerability, see the Details section of this security advisory.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Webex Meetings Online

Configuration 1 [-]

OR	cpe:2.3:a:cisco:webex_meetings_online:t31:::::::*
	cpe:2.3:a:cisco:webex_meetings_online:t32:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105279
http://www.securitytracker.com/id/1041679
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-player-dos

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2018-10-05T14:00:00Z

Updated: 2024-09-17T02:57:12.359Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0457

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-10-05T14:29:03.670

Modified: 2019-10-09T23:32:07.677

Link: CVE-2018-0457

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco WebEx WRF Player", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-09-05T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco Webex Player for Webex Recording Format (WRF) files could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a user a link or email attachment with a malicious WRF file and persuading the user to open the file in the Cisco Webex Player. A successful exploit could cause the affected player to crash, resulting in a DoS condition. For more information about this vulnerability, see the Details section of this security advisory."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-10-07T09:57:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20180905 Cisco Webex Player WRF Files Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-player-dos"}, {"name": "105279", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105279"}, {"name": "1041679", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041679"}], "source": {"advisory": "cisco-sa-20180905-webex-player-dos", "defect": [["CSCvi36518", "CSCvi36549"]], "discovery": "UNKNOWN"}, "title": "Cisco Webex Player WRF Files Denial of Service Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2018-09-05T16:00:00-0500", "ID": "CVE-2018-0457", "STATE": "PUBLIC", "TITLE": "Cisco Webex Player WRF Files Denial of Service Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco WebEx WRF Player", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Cisco Webex Player for Webex Recording Format (WRF) files could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a user a link or email attachment with a malicious WRF file and persuading the user to open the file in the Cisco Webex Player. A successful exploit could cause the affected player to crash, resulting in a DoS condition. For more information about this vulnerability, see the Details section of this security advisory."}]}, "impact": {"cvss": {"baseScore": "5.5", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-399"}]}]}, "references": {"reference_data": [{"name": "20180905 Cisco Webex Player WRF Files Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-player-dos"}, {"name": "105279", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105279"}, {"name": "1041679", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041679"}]}, "source": {"advisory": "cisco-sa-20180905-webex-player-dos", "defect": [["CSCvi36518", "CSCvi36549"]], "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:28:09.815Z"}, "title": "CVE Program Container", "references": [{"name": "20180905 Cisco Webex Player WRF Files Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-player-dos"}, {"name": "105279", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105279"}, {"name": "1041679", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041679"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0457", "datePublished": "2018-10-05T14:00:00Z", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-09-17T02:57:12.359Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:webex_meetings_online:t31:*:*:*:*:*:*:*", "matchCriteriaId": "C83F69A8-CA4F-49C8-89A7-68531C10DF13", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_online:t32:*:*:*:*:*:*:*", "matchCriteriaId": "D81CF77E-25A5-4A88-B8E2-0E9827781EED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco Webex Player for Webex Recording Format (WRF) files could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a user a link or email attachment with a malicious WRF file and persuading the user to open the file in the Cisco Webex Player. A successful exploit could cause the affected player to crash, resulting in a DoS condition. For more information about this vulnerability, see the Details section of this security advisory."}, {"lang": "es", "value": "Una vulnerabilidad en los archivos de Cisco Webex Player for Webex Recording Format (WRF) podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo a un usuario de un enlace o adjunto de email con un archivo WRF malicioso y persuadi\u00e9ndolo para que abra el archivo en Cisco Webex Player. Su explotaci\u00f3n con \u00e9xito podr\u00eda dar lugar a que el reproductor afectado se cierre inesperadamente, provocando una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Para m\u00e1s informaci\u00f3n sobre esta vulnerabilidad, consulte la secci\u00f3n de detalles de este aviso de seguridad."}], "id": "CVE-2018-0457", "lastModified": "2019-10-09T23:32:07.677", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-05T14:29:03.670", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105279"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041679"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-player-dos"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-399"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}