CVE-2018-0438

Name of the Vulnerable Software and Affected Versions Cisco Umbrella Enterprise Roaming Client (ERC) (affected versions not specified)

Description A vulnerability exists due to improper implementation of file system permissions, allowing non-administrative users to place files within restricted directories. An authenticated, local attacker could exploit this by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges. The attacker must authenticate with valid local user credentials to exploit the issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.