CVE-2019-1636

CWE-78OS Command Injection5 documents5 sources
Severity
7.8HIGH
EPSS
5.6%
top 9.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Webex TeamsCisco Webex Teams
Timeline
PublishedJan 23
Latest updateMay 13

Description

A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/webex_teams3.0.4533

🔴Vulnerability Details

3
GHSA
GHSA-wrf3-rqxm-457j: A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system2022-05-13
Kernel
powerpc/tm: Fix oops on sigreturn on systems without TM2019-07-19
CVEList
Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability2019-01-23

📋Vendor Advisories

1
Cisco
Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability2019-01-23
CVE-2019-1636 (HIGH CVSS 7.8) | A vulnerability in the Cisco Webex | cvebase.io