First published: Thu Oct 08 2020
A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. The vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of another user’s account.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Teams | >=3.0.13464.0, <=3.0.16040.0 | |
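
The affected range in the table can be checked against a software inventory. The following Python is an added example, not code from Cisco or from this page; the host names, sample versions and function names are constructed for illustration. It compares versions field by field as integers, because a plain string comparison would wrongly place a version such as 3.0.14.0 inside the range.

```python
# Added example: triage a software inventory against the affected range above.
# Bounds come from the table; hosts and versions below are constructed.
AFFECTED_MIN = "3.0.13464.0"
AFFECTED_MAX = "3.0.16040.0"


def parse_version(text):
    """Parse a dotted Windows file version into a 4-tuple of ints.

    Returns None for anything that is not purely numeric, so a malformed
    inventory entry is flagged for review rather than silently passed.
    """
    parts = text.strip().split(".")
    if len(parts) > 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    # Pad to four fields so "3.0.15000" compares equal to "3.0.15000.0".
    return tuple(nums + [0] * (4 - len(nums)))


def classify(version_text):
    """Return 'affected', 'not affected' or 'unparseable' for one version."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable"
    lo, hi = parse_version(AFFECTED_MIN), parse_version(AFFECTED_MAX)
    # Both bounds are inclusive (>= and <= in the table).
    return "affected" if lo <= v <= hi else "not affected"


def triage(inventory):
    """Map host -> classification for a {host: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "ws-001": "3.0.13464.0",  # lower bound, inclusive
    "ws-002": "3.0.16040.0",  # upper bound, inclusive
    "ws-003": "3.0.14.0",     # string comparison would wrongly call this in range
    "ws-004": "3.0.16041.0",  # just above the range
    "ws-005": "unknown",      # agent reported no version
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as unparseable should be checked by hand rather than treated as unaffected.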
CVE-2020-3535 is a vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows.
CVE-2020-3535 has a severity score of 8.4, which is considered high.
CVE-2020-3535 affects the Cisco Webex Teams client for Windows.
CVE-2020-3535 requires the attacker to have valid credentials on the Windows system.
Yes, Cisco has provided a security advisory with remediation steps. Please refer to the following reference for more details: [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-dll-drsnH5AN)