CVE-2018-15442

Name of the Vulnerable Software and Affected Versions Cisco Webex Meetings Desktop App for Windows (affected versions not specified) Cisco Webex Productivity Tools for Windows (affected versions not specified)

Description A vulnerability in the update service could allow an authenticated, local attacker to execute arbitrary commands as a privileged user due to insufficient validation of user-supplied parameters. The vulnerability can be exploited by invoking the update service command with a crafted argument, potentially allowing the attacker to run arbitrary commands with SYSTEM user privileges. In Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.

Recommendations For Cisco Webex Meetings Desktop App for Windows, consider disabling the update service until a patch is available to prevent exploitation. For Cisco Webex Productivity Tools for Windows, restrict access to the update service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.