CVE-2018-0104
moderate-risk
Published 2018-01-04
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857.
Do I need to act?
~
1.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.6/10
Critical
NETWORK
/ LOW complexity
Affected Products (4)
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/102382
Third Party Advisory
http://www.securityfocus.com/bid/102382
46
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
4/34 · Minimal
Exposure
10/34 · Low