admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-33xx/CVE-2020-3319.json
cad-safe-bot 0c245865ae Auto-Update: 2025-01-26T03:00:19.791548+00:00
2025-01-26 03:03:52 +00:00

154 lines
6.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-3319",
"sourceIdentifier": "psirt@cisco.com",
"published": "2020-06-03T17:15:25.733",
"lastModified": "2024-11-21T05:30:48.023",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco Webex Network Recording Player y Cisco Webex Player para Microsoft Windows, podr\u00eda permitir a un atacante causar un bloqueo del proceso resultando en una condici\u00f3n de Denegaci\u00f3n de servicio (DoS) para la aplicaci\u00f3n del reproductor sobre un sistema afectado. La vulnerabilidad se presenta debido a una comprobaci\u00f3n insuficiente de determinados elementos con una grabaci\u00f3n de Webex almacenada en el Advanced Recording Format (ARF) o en el Webex Recording Format (WRF). Un atacante podr\u00eda explotar esta vulnerabilidad al enviar a un usuario un archivo ARF o WRF malicioso por medio de un enlace o archivo adjunto de correo electr\u00f3nico y persuadiendo al usuario de abrir el archivo con el software afectado en el sistema local. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante causar que la aplicaci\u00f3n del reproductor Webex se bloquee cuando tratan de visualizar el archivo malicioso. Esta vulnerabilidad afecta a las versiones de Cisco Webex Network Recording Player y Webex Player anteriores a la versi\u00f3n 3.0 MR3 Security Patch 2 y 4.0 MR3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"baseScore": 4.3,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "psirt@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:*:*:*:*:*:windows:*:*",
"versionEndIncluding": "3.0",
"matchCriteriaId": "25A839E1-6437-49B2-9906-D61298FC366B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:webex_network_recording_player:4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "E922D69B-C5A1-40FD-AF7C-7BC7DF30E5B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:webex_player:*:*:*:*:*:windows:*:*",
"versionEndIncluding": "3.0",
"matchCriteriaId": "B464C74B-64E8-4DEB-A642-3AAC577DF8CD"
}
]
}
]
}
],
"references": [
{
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254",
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs98254",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink