CVE-2020-3535

CWE-4274 documents4 sources
Severity
8.4HIGH
EPSS
0.1%
top 66.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex TeamsCisco Cisco Webex Teams
Timeline
PublishedOct 8
Latest updateMay 24

Description

A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. The vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when th

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/webex_teams3.0.13464.03.0.16040.0

🔴Vulnerability Details

2
GHSA
GHSA-v4rq-rq59-hgx8: A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to2022-05-24
CVEList
Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability2020-10-08

📋Vendor Advisories

1
Cisco
Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability2020-10-07
CVE-2020-3535 (HIGH CVSS 8.4) | A vulnerability in the loading mech | cvebase.io