CVE-2018-0449

CWE-275CWE-732Incorrect Permission Assignment4 documents4 sources
Severity
4.2MEDIUM
EPSS
0.0%
top 88.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Jabber FOR MACCisco Jabber
Timeline
PublishedJan 10
Latest updateMay 13

Description

A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory permissions set on a JCF created directory. An authenticated attacker with the ability to access an affected directory could create a hard link to an arbitrary location on the affected system. An attack

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:NExploitability: 0.6 | Impact: 3.6

Affected Packages2 packages

NVDcisco/jabber12.1\(0\)

🔴Vulnerability Details

2
GHSA
GHSA-f582-3xw4-gr8w: A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticate2022-05-13
CVEList
Cisco Jabber Client Framework Insecure Directory Permissions Vulnerability2019-01-10

📋Vendor Advisories

1
Cisco
Cisco Jabber Client Framework Insecure Directory Permissions Vulnerability2019-01-09
CVE-2018-0449 (MEDIUM CVSS 4.2) | A vulnerability in the Cisco Jabber | cvebase.io