Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-1674OS Command Injection in Cisco Webex Meetings Desktop APP

CWE-78OS Command Injection5 documents5 sources
Severity
8.8HIGHNVD
CNA7.8
EPSS
23.8%
top 3.98%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Cisco Webex Meetings Desktop APPCisco Webex Productivity ToolsCisco Webex Meetings+2 more
Timeline
PublishedFeb 28
Latest updateMay 13

Description

A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. W

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

NVDcisco/webex_productivity_tools32.6.033.0.7
CVEListV5cisco/cisco_webex_productivity_toolsunspecified33.0.7
CVEListV5cisco/cisco_webex_meetings_desktop_appunspecified33.6.6+1
NVDcisco/webex_meetings< 33.6.6
NVDcisco/webex_meetings_online4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-r6w6-ww22-j2ff: A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated,2022-05-13
CVEList
Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability2019-02-28

💥Exploits & PoCs

1
Exploit-DB
Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation2019-03-01

📋Vendor Advisories

1
Cisco
Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability2019-02-27
CVE-2019-1674 — OS Command Injection in Cisco | cvebase