How severe is CVE-2018-0264?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.6 out of 10.

What type of vulnerability is CVE-2018-0264?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2018-0264

CRITICAL Year: 2018

CVSS v3 Score

9.6

Critical

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-20

View all →

Vulnerability Description

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. The following client builds of Cisco WebEx Business Suite (WBS31 and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4, Cisco WebEx Business Suite (WBS32) client builds prior to T32.12, Cisco WebEx Meetings with client builds prior to T32.12, Cisco WebEx Meeting Server builds prior to 3.0 Patch 1. Cisco Bug IDs: CSCvh85410, CSCvh85430, CSCvh85440, CSCvh85442, CSCvh85453, CSCvh85457.

CVE-2016-1706

CRITICAL

CVSS:9.6(Critical)

The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows rem...

CWE-202016

CVE-2017-14589

CRITICAL

CVSS:9.6(Critical)

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a...

CWE-202017

CVE-2017-15402

CRITICAL

CVSS:9.6(Critical)

Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior...

CWE-202017

CVE-2018-0104

CRITICAL

CVSS:9.6(Critical)

A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker...

CWE-202018

CVE-2018-11314

CRITICAL

CVSS:9.6(Critical)

The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be ex...

CWE-202018

CVE-2018-11316

CRITICAL

CVSS:9.6(Critical)

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to ...

CWE-202018

CVE-2018-0264

Vulnerability Description

Related Vulnerabilities

CVE-2016-1706

CVE-2017-14589

CVE-2017-15402

CVE-2018-0104

CVE-2018-11314

CVE-2018-11316