CVE-2019-16001

CWE-4274 documents4 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 59.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Cisco Webex Teams
Timeline
PublishedNov 26
Latest updateMay 24

Description

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a s

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages1 packages

CVEListV5cisco/cisco_webex_teamsunspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-fvwq-fqr3-fwqf: A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attac2022-05-24
CVEList
Cisco Webex Teams for Windows DLL Hijacking Vulnerability2019-11-26

📋Vendor Advisories

1
Cisco
Cisco Webex Teams and Cisco Webex Meetings Client DLL Hijacking Vulnerability2019-11-20
CVE-2019-16001 (MEDIUM CVSS 5.3) | A vulnerability in the loading mech | cvebase.io