CVE-2018-15409 (CNNVD-201810-200)
中文标题:
Cisco Webex Network Recording Player和Webex Player 输入验证漏洞
英文标题:
Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities
漏洞描述
中文描述:
Cisco Webex Network Recording Player和Webex Player都是美国思科(Cisco)公司的用于播放视频会议记录的播放器。 基于Windows平台的Cisco Webex Network Recording Player和Webex Player中存在输入验证漏洞,该漏洞源于软件对Advanced Recording Format (ARF)和Webex Recording Format (WRF)文件验证不当。攻击者可通过发送恶意的ARF或WRF文件利用该漏洞在受影响的系统上执行任意代码。以下产品和版本受到影响:Cisco Webex Network Recording Player和Webex Player WBS31.23之前版本(Cisco Webex Business Suite WBS31 sites);Webex Network Recording Player和Webex Player WBS32.15.20之前版本(Cisco Webex Business Suite WBS32 sites);Webex Network Recording Player和Webex Player WBS33.4之前版本(Cisco Webex Business Suite WBS33 sites);Webex Network Recording Player和Webex Player 1.3.37之前版本(Cisco Webex Meetings Online);Webex Network Recording Player 3.0MR2 Patch 1之前版本(Cisco Webex Meetings Server)。
英文描述:
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco WebEx WRF Player | n/a | - | - |
cpe:2.3:a:cisco:cisco_webex_wrf_player:n_a:*:*:*:*:*:*:*
|
| cisco | webex_meetings_online | * | - | - |
cpe:2.3:a:cisco:webex_meetings_online:*:*:*:*:*:*:*:*
|
| cisco | webex_meetings_server | 2.5 | - | - |
cpe:2.3:a:cisco:webex_meetings_server:2.5:maintenance_release5_patch1:*:*:*:*:*:*
|
| cisco | webex_meetings_server | 2.5.1.29 | - | - |
cpe:2.3:a:cisco:webex_meetings_server:2.5.1.29:*:*:*:*:*:*:*
|
| cisco | webex_meetings_server | 2.6 | - | - |
cpe:2.3:a:cisco:webex_meetings_server:2.6:*:*:*:*:*:*:*
|
| cisco | webex_meetings_server | 2.7 | - | - |
cpe:2.3:a:cisco:webex_meetings_server:2.7:*:*:*:*:*:*:*
|
| cisco | webex_meetings_server | 2.7.1 | - | - |
cpe:2.3:a:cisco:webex_meetings_server:2.7.1:*:*:*:*:*:*:*
|
| cisco | webex_meetings_server | 2.8 | - | - |
cpe:2.3:a:cisco:webex_meetings_server:2.8:*:*:*:*:*:*:*
|
| cisco | webex_business_suite_31 | * | - | - |
cpe:2.3:a:cisco:webex_business_suite_31:*:*:*:*:*:*:*:*
|
| cisco | webex_business_suite_33 | * | - | - |
cpe:2.3:a:cisco:webex_business_suite_33:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2018-15409 |
2025-11-11 15:19:41 | 2025-11-11 07:35:07 |
| NVD | nvd_CVE-2018-15409 |
2025-11-11 14:55:59 | 2025-11-11 07:43:41 |
| CNNVD | cnnvd_CNNVD-201810-200 |
2025-11-11 15:10:05 | 2025-11-11 07:54:04 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 输入验证错误
- cnnvd_id: 未提取 -> CNNVD-201810-200
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 7.8
- cvss_vector: NOT_EXTRACTED -> CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- cvss_version: NOT_EXTRACTED -> 3.0
- affected_products_count: 1 -> 10
- data_sources: ['cve'] -> ['cve', 'nvd']