cnvd-2020-19233
Vulnerability from cnvd

Title: Cisco Webex Network Recording Player和Webex Player输入验证错误漏洞

Description:

Cisco Webex Network Recording Player是美国思科(Cisco)公司的一款用于播放视频会议记录的播放器。

基于Windows平台的Cisco Webex Network Recording Player和Cisco Webex Player中存在输入验证错误漏洞,该漏洞源于程序未能充分验证ARF或WRF格式下的Webex记录信息。攻击者可通过发送恶意的ARF或WRF文件利用该漏洞以目标用户权限在系统上执行任意代码。

Severity:

Patch Name: Cisco Webex Network Recording Player和Webex Player输入验证错误漏洞的补丁

Patch Description:

Cisco Webex Network Recording Player是美国思科(Cisco)公司的一款用于播放视频会议记录的播放器。

基于Windows平台的Cisco Webex Network Recording Player和Cisco Webex Player中存在输入验证错误漏洞,该漏洞源于程序未能充分验证ARF或WRF格式下的Webex记录信息。攻击者可通过发送恶意的ARF或WRF文件利用该漏洞以目标用户权限在系统上执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-3128

Impacted products
Name
['Cisco Webex Meetings <Release WBS 39.11.0', 'Cisco WebEx Network Recording Player <Release WBS 39.5.17', 'Cisco Webex Meetings Server <Release 3.0MR3SecurityPatch1', 'Cisco Webex Meetings Server <4.0MR2SecurityPatch2', 'Cisco WebEx Player <Release WBS 39.5.17', 'Cisco Webex Meetings Online <Release 1.3.49']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-3128"
    }
  },
  "description": "Cisco Webex Network Recording Player\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u64ad\u653e\u89c6\u9891\u4f1a\u8bae\u8bb0\u5f55\u7684\u64ad\u653e\u5668\u3002\n\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Cisco Webex Network Recording Player\u548cCisco Webex Player\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1ARF\u6216WRF\u683c\u5f0f\u4e0b\u7684Webex\u8bb0\u5f55\u4fe1\u606f\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u6076\u610f\u7684ARF\u6216WRF\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u76ee\u6807\u7528\u6237\u6743\u9650\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-19233",
  "openTime": "2020-03-25",
  "patchDescription": "Cisco Webex Network Recording Player\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u64ad\u653e\u89c6\u9891\u4f1a\u8bae\u8bb0\u5f55\u7684\u64ad\u653e\u5668\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Cisco Webex Network Recording Player\u548cCisco Webex Player\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1ARF\u6216WRF\u683c\u5f0f\u4e0b\u7684Webex\u8bb0\u5f55\u4fe1\u606f\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u6076\u610f\u7684ARF\u6216WRF\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u76ee\u6807\u7528\u6237\u6743\u9650\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Webex Network Recording Player\u548cWebex Player\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Webex Meetings \u003cRelease WBS 39.11.0",
      "Cisco WebEx Network Recording Player \u003cRelease WBS 39.5.17",
      "Cisco Webex Meetings Server \u003cRelease 3.0MR3SecurityPatch1",
      "Cisco Webex Meetings Server \u003c4.0MR2SecurityPatch2",
      "Cisco WebEx Player \u003cRelease WBS 39.5.17",
      "Cisco Webex Meetings Online \u003cRelease 1.3.49"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-3128",
  "serverity": "\u9ad8",
  "submitTime": "2020-03-05",
  "title": "Cisco Webex Network Recording Player\u548cWebex Player\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.