First published: Thu Apr 18 2019(Updated: )
A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Meeting Server | =2.2 | |
=2.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-1794 is a vulnerability in the search path processing of Cisco Directory Connector that could allow an authenticated, local attacker to load a binary of their choosing.
CVE-2019-1794 occurs due to uncontrolled search path elements in Cisco Directory Connector.
The severity of CVE-2019-1794 is medium (CVSS score 5.1).
Cisco Meeting Server version 2.2 is affected by CVE-2019-1794.
An attacker can exploit CVE-2019-1794 by placing a binary of their choosing.