CVE-2018-0422 — Incorrect Permission Assignment in Cisco Webex Business Suite 32

CWE-732 — Incorrect Permission Assignment CWE-2644 documents4 sources

Severity

7.3HIGHNVD

EPSS

0.4%

top 36.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Business Suite 32 Cisco Webex Business Suite 33 Cisco Webex Meetings Online +1 more

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users …

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages4 packages

▶NVDcisco/webex_meetings_online< 1.3.37+2

▶NVDcisco/webex_meetings_server3.0+1

▶NVDcisco/webex_business_suite_32< 32.15.20

▶NVDcisco/webex_business_suite_33< 33.4

🔴Vulnerability Details

GHSA

GHSA-9mx2-579m-fvfq: A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally st↗2022-05-13

▶

CVEList

CVE-2018-0422: A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally st↗2018-10-05

▶

📋Vendor Advisories

Cisco

Cisco Webex Meetings Client for Windows Privilege Escalation Vulnerability↗2018-09-05

▶