Skip to main content

Webex Meetings Online CVE-2018-0422

HIGH
Incorrect Permission Assignment for Critical Resource (CWE-732)
2018-10-05 psirt@cisco.com
7.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 05, 2018 - 14:29 nvd
HIGH 7.3

DescriptionNVD

A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targeted device. A successful exploit could allow a user to execute commands with elevated privileges. Attacks on single-user systems are less likely to occur, as the attack must be carried out by the user on the user's own system. Multiuser systems have a higher risk of exploitation because folder permissions have an impact on all users of the device. For an attacker to exploit this vulnerability successfully, a second user must execute the locally installed malicious file to allow remote code execution to occur.

AnalysisAI

A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targeted device. A successful exploit could allow a user to execute commands with elevated privileges. Attacks on single-user systems are less likely to occur, as the attack must be carried out by the user on the user's own system. Multiuser systems have a higher risk of exploitation because folder permissions have an impact on all users of the device. For an attacker to exploit this vulnerability successfully, a second user must execute the locally installed malicious file to allow remote code execution to occur. Affected products include: Cisco Webex Meetings Online, Cisco Webex Meetings Server, Cisco Webex Business Suite 32, Cisco Webex Business Suite 33, Cisco Webex Business Suite 31.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.

CVE-2019-1674 HIGH POC
8.8 Feb 28

A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows

CVE-2022-20763 HIGH
8.8 Apr 06

A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attac

CVE-2018-0287 HIGH
8.8 May 02

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an una

CVE-2021-1536 HIGH
7.8 Jun 04

A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Record

CVE-2021-1502 HIGH
7.8 Jun 04

A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and Mac

CVE-2020-3194 HIGH
7.8 Apr 15

A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windo

CVE-2020-3128 HIGH
7.8 Mar 04

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros

CVE-2020-3127 HIGH
7.8 Mar 04

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros

CVE-2019-15286 HIGH
7.8 Nov 26

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros

CVE-2019-15284 HIGH
7.8 Nov 26

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros

CVE-2019-1929 HIGH
7.8 Aug 07

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros

CVE-2019-1928 HIGH
7.8 Aug 07

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Micros

Share

CVE-2018-0422 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy