First published: Wed Oct 24 2018(Updated: )
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Meetings Desktop | <33.6.4 | |
Cisco WebEx Productivity Tools | >=32.6.0<33.0.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-15442 is a vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows that allows an authenticated, local attacker to execute arbitrary commands as a privileged user.
CVE-2018-15442 affects Cisco Webex Meetings Desktop App for Windows by allowing an attacker to execute arbitrary commands as a privileged user.
The severity of CVE-2018-15442 is high, with a CVSS score of 7.8.
An attacker can exploit CVE-2018-15442 by taking advantage of insufficient validation of user-supplied parameters.
Yes, Cisco has released a security advisory with fixes for CVE-2018-15442. Please refer to the official Cisco website for more information.