Friday, 23 June 2017

Posted at 00:26 by admin
A vulnerability classified as critical has been found in Cisco WebEx Network Recording Player up to T29.13/T30.16/T31.9. Affected by this issue is an unknown function of the component ARF File Handler. Manipulation with an unknown input leads to a buffer overflow vulnerability. Using CWE to declare the problem leads to CWE-119. Confidentiality, integrity, and availability are impacted.

The weakness was disclosed on 06/21/2017 as cisco-sa-20170621-wnrp / CSCvc47758 / CSCvc51227 / CSCvc51242 in a confirmed advisory. The advisory is available for download at tools.cisco.com. This vulnerability is tracked as CVE-2017-6669. The attack may be launched remotely. A single authentication is needed for exploitation. Neither technical details nor an exploit are publicly available. The current price for an exploit might be approx. USD $5k-$25k (estimate calculated on 06/23/2017).

Upgrading to version T29.13.130, T30.17 or T31.10 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the vulnerability database at SecurityTracker (ID 1038737).

CVSSv3

VulDB Base Score: 5.5
VulDB Temp Score: 5.3
VulDB Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
VulDB Reliability: High

Vendor Base Score (Cisco): 7.3
Vendor Vector (Cisco): CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

CVSSv2

VulDB Base Score: 6.0 (CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
VulDB Temp Score: 5.2 (CVSS2#E:ND/RL:OF/RC:C)
VulDB Reliability: High


CPE
  • cpe:/a:cisco:webex_network_recording_player:t29.13
  • cpe:/a:cisco:webex_network_recording_player:t30.16
  • cpe:/a:cisco:webex_network_recording_player:t31.9

Exploiting

Class: Buffer overflow (CWE-119)
Local: No
Remote: Yes

Availability: No

Price Prediction: steady
Current Price Estimation: approx. USD $5k-$25k (estimate calculated on 06/23/2017)

Countermeasures

Recommended: Upgrade
Status: Official fix
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known

Upgrade: WebEx Network Recording Player T29.13.130/T30.17/T31.10

Timeline

06/21/2017   Advisory disclosed
06/21/2017  +0 days Countermeasure disclosed
06/21/2017  +0 days SecurityTracker entry created
06/23/2017  +2 days VulDB entry created
06/23/2017  +0 days VulDB last update

Sources

Advisory: cisco-sa-20170621-wnrp / CSCvc47758 / CSCvc51227 / CSCvc51242
Status: Confirmed

CVE: CVE-2017-6669 (mitre.org) (nvd.nist.org) (cvedetails.com)

SecurityTracker: 1038737 - Cisco WebEx Network Recording Player Buffer Overflows in Processing Files Let Remote Users Execute Arbitrary Code
