Lucene search

CiscoCVE-2018-15442

HistoryOct 24, 2018 - 7:29 p.m.

CVE-2018-15442

2018-10-2419:29:00

CWE-78

cisco

web.nvd.nist.gov

122

cve-2018-15442

cisco

webex

meetings

desktop app

windows

vulnerability

update service

authentication

local attacker

arbitrary commands

privilege escalation

cvss

remote exploitation

active directory

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.109

Percentile

95.2%

JSON

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.

Affected configurations

Nvd

Node

ciscowebex_meetings_desktopRange<33.6.4windows

ciscowebex_productivity_toolsRange32.6.0–33.0.6

VendorProductVersionCPE
ciscowebex_meetings_desktop*cpe:2.3:a:cisco:webex_meetings_desktop:*:*:*:*:*:windows:*:*
ciscowebex_productivity_tools*cpe:2.3:a:cisco:webex_productivity_tools:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	webex_meetings_desktop	*	cpe:2.3:a:cisco:webex_meetings_desktop::::::windows::*
cisco	webex_productivity_tools	*	cpe:2.3:a:cisco:webex_productivity_tools::::::::

CNA Affected

[
  {
    "product": "Cisco WebEx Event Center",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "33.5.0"
      }
    ]
  }
]