Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-20171004-CMA
HistoryOct 04, 2017 - 4:00 p.m.

Cisco Meeting App Local Privilege Escalation Vulnerability

2017-10-0416:00:00
tools.cisco.com
38

EPSS

0

Percentile

5.1%

JSON

A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App.

The vulnerability is due to incomplete input validation of the path name for DLL files before they are loaded. An attacker could exploit this vulnerability by installing a crafted DLL file in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to those of Cisco Meeting App. The attacker would need valid user credentials to exploit this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-cma [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-cma”]

Affected configurations

Vulners
Node
ciscomeeting_appMatchany
OR
ciscomeeting_appMatchany
VendorProductVersionCPE
ciscomeeting_appanycpe:2.3:a:cisco:meeting_app:any:*:*:*:*:*:*:*

Related

nvd 1
prion 1
cve 1
cvelist 1
nvd
nvd
CVE-2017-12266
2017-10-05 07:29:00
prion
prion
Input validation
2017-10-05 07:29:00
cve
cve
CVE-2017-12266
2017-10-05 07:29:00
cvelist
cvelist
CVE-2017-12266
2017-10-05 07:00:00

EPSS

0

Percentile

5.1%

JSON
Related for CISCO-SA-20171004-CMA
nvd1prion1cve1cvelist1