Cisco Bug: CSCvu29136 - Cisco Webex Meetings Desktop App for Windows Insecure DLL Search Order
Jun 04, 2020
- Cisco Webex Meetings Online
Known Affected Releases
Symptom: Cisco Webex Meetings Desktop App for Windows insecurely searches for DLL libraries in user profile temporary directories during system installation. By default, temporary directories within the path of the application require administrator privileges to write to the directory. A local user with administrator privileges could place a file in the path of the application and leverage this behavior to cause the application to load malicious libraries. However, the attacker could gain no additional privileges on the system as a result of leveraging this issue, because the user must already have privileges to write to critical system areas and already exerts complete control over the system. Conditions: An attacker on the local system with administrator privileges.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases