var-201609-0383
Vulnerability from variot
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375. An attacker can exploit this issue to execute arbitrary code on the affected system with privileges of the user. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCva09375. Cisco WebEx Meetings Player T29.10 is vulnerable; other versions may also be affected. The vulnerability stems from the fact that the program does not properly handle user-supplied files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0383",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webex wrf player t29",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "sp10_base"
},
{
"model": "webex meetings",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "player t29.10"
},
{
"model": "webex meetings player t31",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "webex meetings player t30",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "webex meetings player t29.10",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "webex meetings player t29",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "webex meetings player t31r2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "webex meetings player t31.5.20",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "webex meetings player t30.12.1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "webex meetings player t29.13.112",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "92708"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-539"
},
{
"db": "NVD",
"id": "CVE-2016-1464"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:webex_meetings",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004531"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Francis Provencher, COSIG.",
"sources": [
{
"db": "BID",
"id": "92708"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-539"
}
],
"trust": 0.9
},
"cve": "CVE-2016-1464",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-1464",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-90283",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-1464",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1464",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1464",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-539",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-90283",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90283"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-539"
},
{
"db": "NVD",
"id": "CVE-2016-1464"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375. \nAn attacker can exploit this issue to execute arbitrary code on the affected system with privileges of the user. This may aid in further attacks. \nThis issue being tracked by Cisco Bug ID CSCva09375. \nCisco WebEx Meetings Player T29.10 is vulnerable; other versions may also be affected. The vulnerability stems from the fact that the program does not properly handle user-supplied files",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1464"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004531"
},
{
"db": "BID",
"id": "92708"
},
{
"db": "VULHUB",
"id": "VHN-90283"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-90283",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90283"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1464",
"trust": 2.8
},
{
"db": "BID",
"id": "92708",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "40508",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036712",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004531",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-539",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "34702",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "139134",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-90283",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90283"
},
{
"db": "BID",
"id": "92708"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-539"
},
{
"db": "NVD",
"id": "CVE-2016-1464"
}
]
},
"id": "VAR-201609-0383",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90283"
}
],
"trust": 0.725
},
"last_update_date": "2024-11-23T21:42:46.723000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160831-meetings-player",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player"
},
{
"title": "Cisco WebEx Meetings Player Fixes for remote arbitrary code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63836"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-539"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90283"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004531"
},
{
"db": "NVD",
"id": "CVE-2016-1464"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160831-meetings-player"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/92708"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/40508/"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036712"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1464"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1464"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/34702"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90283"
},
{
"db": "BID",
"id": "92708"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-539"
},
{
"db": "NVD",
"id": "CVE-2016-1464"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90283"
},
{
"db": "BID",
"id": "92708"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-539"
},
{
"db": "NVD",
"id": "CVE-2016-1464"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-03T00:00:00",
"db": "VULHUB",
"id": "VHN-90283"
},
{
"date": "2016-08-31T00:00:00",
"db": "BID",
"id": "92708"
},
{
"date": "2016-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004531"
},
{
"date": "2016-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-539"
},
{
"date": "2016-09-03T20:59:05.140000",
"db": "NVD",
"id": "CVE-2016-1464"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-03T00:00:00",
"db": "VULHUB",
"id": "VHN-90283"
},
{
"date": "2016-10-26T00:18:00",
"db": "BID",
"id": "92708"
},
{
"date": "2016-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004531"
},
{
"date": "2016-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-539"
},
{
"date": "2024-11-21T02:46:29.570000",
"db": "NVD",
"id": "CVE-2016-1464"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-539"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco WebEx Meetings Player Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004531"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-539"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.