cnvd-2018-10232
Vulnerability from cnvd
Title
多款Cisco WebEx Network Recording Players远程代码执行漏洞
Description
Cisco WebEx Business Suite meeting sites、WebEx Meetings sites和WebEx Meetings Server都是美国思科(Cisco)公司的视频会议解决方案。WebEx Network Recording Player for Advanced Recording Format(ARF)是其中的一个会议记录播放器。 Cisco WebEx Business Suite meeting sites、WebEx Meetings sites和WebEx Meetings Server中的WebEx Network Recording Player for ARF存在输入验证漏洞。远程攻击者可通过向用户发送邮件附件或能够连接到恶意文件的链接并诱使用户打开该文件或链接利用该漏洞在用户系统上执行任意代码。
Severity
Patch Name
多款Cisco WebEx Network Recording Players远程代码执行漏洞的补丁
Patch Description
Cisco WebEx Business Suite meeting sites、WebEx Meetings sites和WebEx Meetings Server都是美国思科(Cisco)公司的视频会议解决方案。WebEx Network Recording Player for Advanced Recording Format(ARF)是其中的一个会议记录播放器。 Cisco WebEx Business Suite meeting sites、WebEx Meetings sites和WebEx Meetings Server中的WebEx Network Recording Player for ARF存在输入验证漏洞。远程攻击者可通过向用户发送邮件附件或能够连接到恶意文件的链接并诱使用户打开该文件或链接利用该漏洞在用户系统上执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

厂商已发布了漏洞修复程序,请及时关注更新: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-rce

Reference
https://www.securityfocus.com/bid/104128
Impacted products
Name
['Cisco WebEx Meetings Server', 'Cisco WebEx Business Suite meeting sites', 'Cisco WebEx Meetings sites']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "104128"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0287"
    }
  },
  "description": "Cisco WebEx Business Suite meeting sites\u3001WebEx Meetings sites\u548cWebEx Meetings Server\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u89c6\u9891\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002WebEx Network Recording Player for Advanced Recording Format\uff08ARF\uff09\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4f1a\u8bae\u8bb0\u5f55\u64ad\u653e\u5668\u3002\r\n\r\nCisco WebEx Business Suite meeting sites\u3001WebEx Meetings sites\u548cWebEx Meetings Server\u4e2d\u7684WebEx Network Recording Player for ARF\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u7528\u6237\u53d1\u9001\u90ae\u4ef6\u9644\u4ef6\u6216\u80fd\u591f\u8fde\u63a5\u5230\u6076\u610f\u6587\u4ef6\u7684\u94fe\u63a5\u5e76\u8bf1\u4f7f\u7528\u6237\u6253\u5f00\u8be5\u6587\u4ef6\u6216\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7528\u6237\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Kushal Arvind Shah of Fortinet\u00e2??s FortiGuard Labs",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-rce",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-10232",
  "openTime": "2018-05-24",
  "patchDescription": "Cisco WebEx Business Suite meeting sites\u3001WebEx Meetings sites\u548cWebEx Meetings Server\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u89c6\u9891\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002WebEx Network Recording Player for Advanced Recording Format\uff08ARF\uff09\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4f1a\u8bae\u8bb0\u5f55\u64ad\u653e\u5668\u3002\r\n\r\nCisco WebEx Business Suite meeting sites\u3001WebEx Meetings sites\u548cWebEx Meetings Server\u4e2d\u7684WebEx Network Recording Player for ARF\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u7528\u6237\u53d1\u9001\u90ae\u4ef6\u9644\u4ef6\u6216\u80fd\u591f\u8fde\u63a5\u5230\u6076\u610f\u6587\u4ef6\u7684\u94fe\u63a5\u5e76\u8bf1\u4f7f\u7528\u6237\u6253\u5f00\u8be5\u6587\u4ef6\u6216\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7528\u6237\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eCisco WebEx Network Recording Players\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco WebEx Meetings Server",
      "Cisco WebEx Business Suite meeting sites",
      "Cisco WebEx Meetings sites"
    ]
  },
  "referenceLink": "https://www.securityfocus.com/bid/104128",
  "serverity": "\u9ad8",
  "submitTime": "2018-05-04",
  "title": "\u591a\u6b3eCisco WebEx Network Recording Players\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.