ZDNET: Cisco releases patch for Windows 10 Desktop Webex Version - Patch It Now


(Howard) #1

ZDNET reported that CISCO is urging customers who use the WebX Windows Desktop version to patch it now.
"Cisco has released a security update for Webex Meetings which resolves an exploitable vulnerability leading to privilege escalation.

The security flaw, CVE-2018-15442, exists in the Cisco Webex Meetings Desktop App for Windows and “could allow an authenticated, local attacker to execute arbitrary commands as a privileged user.”

A failure to sufficiently validate user-supplied parameters in the app has caused the problem, which can be exploited by a threat actor who invokes the update service command with a crafted argument.

This could force the system to run arbitrary commands with system user privileges.

*According to Cisco’s security advisory, all Cisco Webex Meetings Desktop App releases prior to 33.6.0, and Cisco Webex Productivity Tools Releases 32.6.0 and later prior to 33.0.5 on the Microsoft Windows operating system are affected."