CVE-2019-1855

CWE-264CWE-4274 documents4 sources
Severity
7.3HIGH
EPSS
0.7%
top 28.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Jabber FOR WindowsCisco Jabber
Timeline
PublishedJul 4
Latest updateMay 24

Description

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a speci

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_jabber_for_windowsunspecified12.6(0)
NVDcisco/jabber< 12.6\(2\)

🔴Vulnerability Details

2
GHSA
GHSA-m3pw-gwv9-w25w: A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker t2022-05-24
CVEList
Cisco Jabber for Windows DLL Preloading Vulnerability2019-07-04

📋Vendor Advisories

1
Cisco
Cisco Jabber for Windows DLL Preloading Vulnerability2019-07-03
CVE-2019-1855 (HIGH CVSS 7.3) | A vulnerability in the loading mech | cvebase.io