var-201804-0660
Vulnerability from variot
A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client. Exploitation of this vulnerability could allow arbitrary code execution on the system of a targeted user. This affects the clients installed by customers when accessing a WebEx meeting. The following client builds of Cisco WebEx Business Suite (WBS30, WBS31, and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are impacted: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.2, Cisco WebEx Business Suite (WBS32) client builds prior to T32.10, Cisco WebEx Meetings with client builds prior to T32.10, Cisco WebEx Meetings Server builds prior to 2.8 MR2. Cisco Bug IDs: CSCvg19384, CSCvi10746. The vendor has confirmed this vulnerability and released it as Bug IDs CSCvg19384 and CSCvi10746. Information may be obtained or altered, and service operation may be disrupted (DoS). Failed exploit attempts will likely cause a denial-of-service condition. Successful exploitation could potentially allow an attacker to take control of the affected system.
{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webex meetings server", "scope": "eq", "trust": 1.9, "vendor": "cisco", "version": "2.8" }, { "_id": null, "model": "webex meetings server", "scope": "eq", "trust": 1.9, "vendor": "cisco", "version": "2.7" }, { "_id": null, "model": "webex meetings", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "t31" }, { "_id": null, "model": "webex meetings server", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "3.0" }, { "_id": null, "model": "webex business suite 32", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "t32.10" }, { "_id": null, "model": "webex business suite 31", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "t31.23.2" }, { "_id": null, "model": "webex business suite", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "_id": null, "model": "webex meetings", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "_id": null, "model": "webex meetings server", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "_id": null, "model": "webex business suite client", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "_id": null, "model": "webex meetings server 2.7mr2 sp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6" }, { "_id": null, "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.7.1.3047" }, { "_id": null, "model": "webex meetings server 2.6mr3 sp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4" }, { "_id": null, "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.6.1.30" }, { "_id": null, "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.6.0.8" }, { "_id": null, "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.6" }, { "_id": null, 
"model": "webex meetings server 2.5mr6 patch", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6" }, { "_id": null, "model": "webex meetings server 2.5mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "_id": null, "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.99.2" }, { "_id": null, "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.1.5" }, { "_id": null, "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.0.997" }, { "_id": null, "model": "webex meetings server mr1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "_id": null, "model": "webex meetings server base", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "_id": null, "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "_id": null, "model": "webex meetings server 2.0mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "_id": null, "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "_id": null, "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "_id": null, "model": "webex meetings client t31.14", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "_id": null, "model": "webex meetings client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5.1.6" }, { "_id": null, "model": "webex meetings client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5.1.131" }, { "_id": null, "model": "webex meetings client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5" }, { "_id": null, "model": "webex meetings client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1" }, { "_id": null, "model": "webex meetings client", "scope": "eq", "trust": 0.3, 
"vendor": "cisco", "version": "1.0" }, { "_id": null, "model": "webex meetings client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "_id": null, "model": "webex business suite client t32.10", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "_id": null, "model": "webex business suite client t31.14.1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "_id": null, "model": "webex business suite client t31.10", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "_id": null, "model": "webex meetings with client t32.10", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "_id": null, "model": "webex meetings server mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.8" }, { "_id": null, "model": "webex business suite client t32.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "_id": null, "model": "webex business suite client t31.23.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null } ], "sources": [ { "db": "BID", "id": "103920" }, { "db": "JVNDB", "id": "JVNDB-2018-004272" }, { "db": "CNNVD", "id": "CNNVD-201804-1112" }, { "db": "NVD", "id": "CVE-2018-0112" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:cisco:webex_business_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:cisco:webex_meetings", "vulnerable": true }, { "cpe22Uri": "cpe:/a:cisco:webex_meetings_server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-004272" } ] }, "credits": { "_id": null, "data": "Alexandros Zacharis of ENISA.", "sources": [ { "db": "BID", "id": "103920" } ], "trust": 0.3 }, "cve": "CVE-2018-0112", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", 
"baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "CVE-2018-0112", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "VHN-118314", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.3, "id": "CVE-2018-0112", "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-0112", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2018-0112", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-201804-1112", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-118314", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-0112", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-118314" }, { "db": "VULMON", "id": "CVE-2018-0112" }, { "db": "JVNDB", "id": "JVNDB-2018-004272" }, { "db": "CNNVD", "id": "CNNVD-201804-1112" }, { "db": "NVD", "id": "CVE-2018-0112" } ] }, "description": { "_id": null, "data": "A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute 
arbitrary code on a targeted system. The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client. Exploitation of this vulnerability could allow arbitrary code execution on the system of a targeted user. This affects the clients installed by customers when accessing a WebEx meeting. The following client builds of Cisco WebEx Business Suite (WBS30, WBS31, and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are impacted: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.2, Cisco WebEx Business Suite (WBS32) client builds prior to T32.10, Cisco WebEx Meetings with client builds prior to T32.10, Cisco WebEx Meetings Server builds prior to 2.8 MR2. Cisco Bug IDs: CSCvg19384, CSCvi10746. Vendors have confirmed this vulnerability Bug ID CSCvg19384 , CSCvi10746 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Failed exploit attempts will likely cause a denial-of-service condition. 
Successful exploitation could potentially allow an attacker to take control of the affected system", "sources": [ { "db": "NVD", "id": "CVE-2018-0112" }, { "db": "JVNDB", "id": "JVNDB-2018-004272" }, { "db": "BID", "id": "103920" }, { "db": "VULHUB", "id": "VHN-118314" }, { "db": "VULMON", "id": "CVE-2018-0112" } ], "trust": 2.07 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2018-0112", "trust": 2.9 }, { "db": "BID", "id": "103920", "trust": 2.1 }, { "db": "SECTRACK", "id": "1040709", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2018-004272", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201804-1112", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-118314", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-0112", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-118314" }, { "db": "VULMON", "id": "CVE-2018-0112" }, { "db": "BID", "id": "103920" }, { "db": "JVNDB", "id": "JVNDB-2018-004272" }, { "db": "CNNVD", "id": "CNNVD-201804-1112" }, { "db": "NVD", "id": "CVE-2018-0112" } ] }, "id": "VAR-201804-0660", "iot": { "_id": null, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-118314" } ], "trust": 0.6833333 }, "last_update_date": "2024-11-23T22:34:18.216000Z", "patch": { "_id": null, "data": [ { "title": "cisco-sa-20180418-wbs", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs" }, { "title": "Multiple Cisco Fixes for product input validation vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81407" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2018/05/03/cisco_patches_may_2/" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2018/04/19/cisco_patch_webex/" }, { "title": "Cisco: Cisco WebEx Clients Remote Code Execution Vulnerability", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20180418-wbs" }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/critical-cisco-webex-bug-allows-remote-code-execution/131657/" }, { "title": "welivesecurity", "trust": 0.1, "url": "https://www.welivesecurity.com/2018/04/23/firms-using-webex-risk-poisoned-flash-attacks/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-0112" }, { "db": "JVNDB", "id": "JVNDB-2018-004272" }, { "db": "CNNVD", "id": "CNNVD-201804-1112" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-118314" }, { "db": "JVNDB", "id": "JVNDB-2018-004272" }, { "db": "NVD", "id": "CVE-2018-0112" } ] }, "references": { "_id": null, "data": [ { "trust": 2.2, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-wbs" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/103920" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1040709" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0112" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0112" }, { "trust": 0.3, "url": "http://www.cisco.com/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://threatpost.com/critical-cisco-webex-bug-allows-remote-code-execution/131657/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-118314" }, { "db": "VULMON", "id": "CVE-2018-0112" }, { "db": "BID", "id": "103920" }, { "db": "JVNDB", "id": "JVNDB-2018-004272" }, { "db": "CNNVD", "id": "CNNVD-201804-1112" }, { "db": "NVD", "id": "CVE-2018-0112" } ] }, "sources": { "_id": null, "data": [ { "db": "VULHUB", "id": "VHN-118314", "ident": null }, { "db": "VULMON", "id": "CVE-2018-0112", "ident": null }, { "db": "BID", "id": "103920", "ident": 
null }, { "db": "JVNDB", "id": "JVNDB-2018-004272", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201804-1112", "ident": null }, { "db": "NVD", "id": "CVE-2018-0112", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-04-19T00:00:00", "db": "VULHUB", "id": "VHN-118314", "ident": null }, { "date": "2018-04-19T00:00:00", "db": "VULMON", "id": "CVE-2018-0112", "ident": null }, { "date": "2018-04-18T00:00:00", "db": "BID", "id": "103920", "ident": null }, { "date": "2018-06-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-004272", "ident": null }, { "date": "2018-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201804-1112", "ident": null }, { "date": "2018-04-19T20:29:00.253000", "db": "NVD", "id": "CVE-2018-0112", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-118314", "ident": null }, { "date": "2019-10-09T00:00:00", "db": "VULMON", "id": "CVE-2018-0112", "ident": null }, { "date": "2018-04-18T00:00:00", "db": "BID", "id": "103920", "ident": null }, { "date": "2018-06-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-004272", "ident": null }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201804-1112", "ident": null }, { "date": "2024-11-21T03:37:32.720000", "db": "NVD", "id": "CVE-2018-0112", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201804-1112" } ], "trust": 0.6 }, "title": { "_id": null, "data": "plural Cisco WebEx Vulnerability related to input validation in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-004272" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Input Validation Error", "sources": [ { "db": "BID", "id": "103920" }, { "db": "CNNVD", "id": "CNNVD-201804-1112" } ], "trust": 0.9 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.