high
7.3
CWE
22
Advisory Published

cisco-sa-webex-vdi-qQrpBwuJ: Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability

First published: Wed Nov 04 2020(Updated: )

A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization. This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sending malicious messages to the affected software by using the virtualization channel interface. A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user. Note: This vulnerability can be exploited only when Cisco Webex Meetings Desktop App is in a virtual desktop environment on a hosted virtual desktop (HVD) and is configured to use the Cisco Webex Meetings virtual desktop plug-in for thin clients. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ

Affected SoftwareAffected VersionHow to fix
Cisco Webex Meetings

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

  • What is the severity of cisco-sa-webex-vdi-qQrpBwuJ?

    The severity of cisco-sa-webex-vdi-qQrpBwuJ is considered high due to the potential for local attackers to execute arbitrary code.

  • How do I fix cisco-sa-webex-vdi-qQrpBwuJ?

    To fix cisco-sa-webex-vdi-qQrpBwuJ, update your Cisco Webex Meetings Desktop App to the latest version provided by Cisco.

  • Who is affected by cisco-sa-webex-vdi-qQrpBwuJ?

    The vulnerability affects users of the Cisco Webex Meetings Desktop App when deployed in a virtual desktop environment.

  • What type of vulnerability is cisco-sa-webex-vdi-qQrpBwuJ?

    cisco-sa-webex-vdi-qQrpBwuJ is a local code execution vulnerability related to virtualization channel messaging in the Cisco Webex Meetings Desktop App.

  • Can cisco-sa-webex-vdi-qQrpBwuJ be exploited remotely?

    No, cisco-sa-webex-vdi-qQrpBwuJ requires local access to the targeted system to be exploited.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203