![]() This vulnerability affects all Cisco Webex Meetings Desktop App releases prior to 33.6.6, and Cisco Webex Productivity Tools Releases 32.6.0 and later prior to 33.0.7, when running on a Microsoft Windows end-user system. This advisory is available at the following link: There are no workarounds that address this vulnerability. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.Ĭisco has released software updates that address this vulnerability. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. The vulnerability is due to insufficient validation of user-supplied parameters. A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |