cnvd - cnvd-2018-09000

cnvd-2018-09000

Vulnerability from cnvd

Title

Cisco WebEx Business Suite meeting sites和WebEx Meetings sites WebEx Recording Format Player信息泄露漏洞

Description

Cisco WebEx Business Suite meeting sites和WebEx Meetings sites都是美国思科（Cisco）公司的视频会议解决方案。WebEx Recording Format（WRF）Player是其中的一款播放器，主要用于播放WRF格式的WebEx（网络会议）录制文件。 Cisco WebEx Business Suite meeting sites和WebEx Meetings sites中的WebEx WRF Player存在信息泄露漏洞。远程攻击者可通过使用恶意制作的文件利用该漏洞读取映射文件边界之外的内存。

Severity

中

Patch Name

Cisco WebEx Business Suite meeting sites和WebEx Meetings sites WebEx Recording Format Player信息泄露漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-id

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-id

Impacted products

Name
['Cisco WebEx Business Suite meeting sites', 'Cisco WebEx Meetings sites']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0288"
    }
  },
  "description": "Cisco WebEx Business Suite meeting sites\u548cWebEx Meetings sites\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u89c6\u9891\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002WebEx Recording Format\uff08WRF\uff09Player\u662f\u5176\u4e2d\u7684\u4e00\u6b3e\u64ad\u653e\u5668\uff0c\u4e3b\u8981\u7528\u4e8e\u64ad\u653eWRF\u683c\u5f0f\u7684WebEx\uff08\u7f51\u7edc\u4f1a\u8bae\uff09\u5f55\u5236\u6587\u4ef6\u3002\r\n\r\nCisco WebEx Business Suite meeting sites\u548cWebEx Meetings sites\u4e2d\u7684WebEx WRF Player\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f7f\u7528\u6076\u610f\u5236\u4f5c\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u6620\u5c04\u6587\u4ef6\u8fb9\u754c\u4e4b\u5916\u7684\u5185\u5b58\u3002",
  "discovererName": "Unknow",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-id",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09000",
  "openTime": "2018-05-07",
  "patchDescription": "Cisco WebEx Business Suite meeting sites\u548cWebEx Meetings sites\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u89c6\u9891\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002WebEx Recording Format\uff08WRF\uff09Player\u662f\u5176\u4e2d\u7684\u4e00\u6b3e\u64ad\u653e\u5668\uff0c\u4e3b\u8981\u7528\u4e8e\u64ad\u653eWRF\u683c\u5f0f\u7684WebEx\uff08\u7f51\u7edc\u4f1a\u8bae\uff09\u5f55\u5236\u6587\u4ef6\u3002\r\n\r\nCisco WebEx Business Suite meeting sites\u548cWebEx Meetings sites\u4e2d\u7684WebEx WRF Player\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f7f\u7528\u6076\u610f\u5236\u4f5c\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u6620\u5c04\u6587\u4ef6\u8fb9\u754c\u4e4b\u5916\u7684\u5185\u5b58\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco WebEx Business Suite meeting sites\u548cWebEx Meetings sites WebEx Recording Format Player\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco WebEx Business Suite meeting sites",
      "Cisco WebEx Meetings sites"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-id",
  "serverity": "\u4e2d",
  "submitTime": "2018-05-04",
  "title": "Cisco WebEx Business Suite meeting sites\u548cWebEx Meetings sites WebEx Recording Format Player\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2018-0288 (GCVE-0-2018-0288)

Vulnerability from cvelistv5

Published

2018-05-02 22:00

Modified

2024-11-29 15:10

Severity ?

CWE

CWE-200

Summary

A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WRF Player. An attacker could exploit this vulnerability by utilizing a maliciously crafted file that could bypass checks in the code and enable an attacker to read memory from outside the bounds of the mapped file. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCvh89107, CSCvh89113, CSCvh89132, CSCvh89142.

References

URL

Tags

	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-id	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/104091	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1040825	vdb-entry, x_refsource_SECTRACK