CVE编号
CVE-2019-1924利用情况
暂无补丁情况
N/A披露时间
2019-08-08漏洞描述
适用于Microsoft Windows的Cisco Webex网络录制播放器和适用于Microsoft Windows的Cisco Webex播放器中的多个漏洞可能允许攻击者在受影响的系统上执行任意代码。存在漏洞是因为受影响的软件不正确地验证了高级记录格式(ARF)和Webex记录格式(WRF)文件。攻击者可以通过链接或电子邮件附件向用户发送恶意ARF或WRF文件并说服用户使用本地系统上受影响的软件打开文件来利用这些漏洞。成功利用可能允许攻击者使用目标用户的权限在受影响的系统上执行任意代码。解决建议
厂商已发布了漏洞修复程序,请及时关注更新:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-webex-player
参考链接 |
|
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s... |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | cisco | webex_business_suite | * |
Up to (excluding) 39.5.5 |
|||||
| 运行在以下环境 | |||||||||
| 应用 | cisco | webex_meetings_online | * |
Up to (excluding) 1.3.43 |
|||||
| 运行在以下环境 | |||||||||
| 应用 | cisco | webex_meetings_server | 2.8 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | cisco | webex_meetings_server | 3.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | cisco | webex_meetings_server | 3.0mr2 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | cisco | webex_meetings_server | 4.0 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | alibaba_cloud_linux_2.1903 | sqlite | * |
Up to (excluding) 4.19.91-21.al7 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.10 | sqlite | * |
Up to (excluding) 3.28.0-r2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.11 | sqlite | * |
Up to (excluding) 3.30.1-r1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.12 | sqlite | * |
Up to (excluding) 3.30.1-r1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.13 | sqlite | * |
Up to (excluding) 3.30.1-r1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.8 | sqlite | * |
Up to (excluding) 3.25.3-r3 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.9 | sqlite | * |
Up to (excluding) 3.28.0-r2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_edge | sqlite | * |
Up to (excluding) 3.30.1-r1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | amazon linux_2 | sqlite | * |
Up to (excluding) 5.9.6-1.amzn2.0.3 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_2 | oniguruma | * |
Up to (excluding) 5.9.6-1.amzn2.0.3 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | centos_8 | sqlite3 | * |
Up to (excluding) 7.3.20-1.module+el8.2.0+7373+b272fdef |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | sqlite | * |
Up to (excluding) 6.9.1-1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_8 | sqlite | * |
Up to (excluding) 5.9.5-3.2+deb8u1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | sqlite | * |
Up to (excluding) 6.1.3-2+deb9u1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_31 | sqlite | * |
Up to (excluding) 6.9.4-1.fc31 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.2 | sqlite3 | * |
Up to (excluding) 0-3.36.0-lp152.4.3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.3 | sqlite3 | * |
Up to (excluding) 3.36.0-3.12.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle linux_8 | sqlite | * |
Up to (excluding) 1.5.2-1.module+el8.2.0+5569+98c8b30d |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_8 | sqlite3 | * |
Up to (excluding) 7.3.20-1.module+el8.2.0+7784+4033621d |
|||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_8 | sqlite3 | * |
Up to (excluding) 7.3.20-1.module+el8.2.0+7373+b272fdef |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP5 | sqlite3 | * |
Up to (excluding) 0-3.36.0-9.18.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_14.04_lts | libonig | * |
Up to (excluding) 5.9.1-1ubuntu1.1+esm2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04_lts | linux | * |
Up to (excluding) 4.2.0-16.19 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04_lts | linux | * |
Up to (excluding) 4.13.0-16.19 |
|||||
- 攻击路径 本地
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 需要
- 可用性 高
- 保密性 高
- 完整性 高
还没有评论,来说两句吧...