#VU24163 Input validation error in Cisco Systems, Inc Other software
Vulnerability identifier: #VU24163
Vulnerability risk: Medium
CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco WebEx Event Center
Client/Desktop applications /
Office applications
Cisco Webex Support Center
Client/Desktop applications /
Office applications
Cisco WebEx Meeting Center
Client/Desktop applications /
Multimedia software
Cisco WebEx Training Center
Other software /
Other software solutions
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of Universal Communications Format UCF media files. A remote attacker can trick a victim to open a specially crafted UCF file and cause the application to quit unexpectedly.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
Cisco WebEx Event Center: All versions
Cisco WebEx Meeting Center: All versions
Cisco WebEx Training Center: All versions
Cisco Webex Support Center: All versions
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-webex-centers-dos
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
