Main Vulnerability Database Vulnerabilities #VU13913

Improper input validation in Webex Player and Cisco WebEx Network Recording Player - CVE-2018-0380

Published: July 19, 2018

Vulnerability identifier: #VU13913

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0380

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Webex Player
Cisco WebEx Network Recording Player

Detailed vulnerability description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files due to insufficient input validation. A remote unauthenticated attacker can supply a specially crafted .arf or .wrf file via email or URL, thick the victim into launching it in the Webex recording players and cause the service to crash.

How to mitigate CVE-2018-0380

Install update from vendor's website.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-dos

Improper input validation in Webex Player and Cisco WebEx Network Recording Player - CVE-2018-0380

Detailed vulnerability description

How to mitigate CVE-2018-0380

Sources

Please verify you're human