To determine whether a vulnerable version of Cisco Webex Productivity Tools is installed on a Windows machine, users can right-click the Webex Productivity Tools icon on the Windows taskbar and select About from the menu a popup window displaying the currently installed version will open. This is also documented in the article Check the Cisco Webex Meetings Desktop App Version. menu entry a popup window displaying the currently installed version will open. To determine whether a vulnerable version of Cisco Webex Meetings Desktop App is installed on a Windows machine, users can launch the Cisco Webex Meetings application and click the gear icon in the top right of the application window, then choose the About. This vulnerability affects all Cisco Webex Meetings Desktop App releases prior to 33.6.6, and Cisco Webex Productivity Tools Releases 32.6.0 and later prior to 33.0.7, when running on a Microsoft Windows end-user system. This advisory is available at the following link: There are no workarounds that address this vulnerability. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.Ĭisco has released software updates that address this vulnerability. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. The vulnerability is due to insufficient validation of user-supplied parameters. A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |