PT-2018-2501 · Cisco · Cisco Webex Meetings Server+4

Published: 2018-09-05 · Updated: 2019-10-03 · CVE-2018-0422

CVSS v3.1: 7.3 (High)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Webex Meetings client for Windows (affected versions not specified)
Cisco Webex Meetings Suite (affected versions not specified)
Cisco Webex Meetings (affected versions not specified)
Cisco Webex Meetings Server (affected versions not specified)
Cisco WebEx Network Recording Player (affected versions not specified)

Description

A vulnerability in the folder permissions of Cisco Webex Meetings client could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The issue is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targeted device. A successful exploit could allow a user to execute commands with elevated privileges. Multiuser systems have a higher risk of exploitation because folder permissions have an impact on all users of the device.

Recommendations

For Cisco Webex Meetings client for Windows, consider restricting access to the Webex client directory to minimize the risk of exploitation.
For Cisco Webex Meetings Suite, temporarily disabling the execution of files from the Webex folders may help mitigate the risk until a fix is available.
For Cisco Webex Meetings, restricting the ability of users to write to the Webex client directory can help reduce the risk of exploitation.
For Cisco Webex Meetings Server, limiting access to the server's file system may help prevent exploitation.
For Cisco WebEx Network Recording Player, avoiding the execution of unknown or untrusted files may help mitigate the risk of exploitation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
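
The folder-permission condition described above can be checked on a host before and after the directory is restricted. The following PowerShell is an added example, not code from Cisco or from this advisory; the directory path is an assumption the operator must supply (the page does not name it), and the set of broad groups and the write mask are choices made for this example.

```powershell
# Added example: list Allow ACEs that give broad local groups write access
# to a directory tree (the "Incorrect Permission" condition in this entry).
param(
    # Assumption: the advisory does not state the Webex client directory; pass it in.
    [Parameter(Mandatory = $true)]
    [string]$WebexDir
)

# Well-known SIDs that cover every interactive user on a multiuser system.
# Matching on SIDs avoids localized group names.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that let a principal plant or replace files, or loosen the ACL.
# Modify and FullControl contain WriteData, so they match as well.
$specific  = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
# Inherit-only ACEs can carry raw generic bits: GENERIC_WRITE and GENERIC_ALL.
$writeMask = $specific -bor 0x40000000 -bor 0x10000000

# Check the root folder and every subfolder; new files are planted in folders.
$dirs = @(Get-Item -LiteralPath $WebexDir) +
        @(Get-ChildItem -LiteralPath $WebexDir -Recurse -Directory -ErrorAction SilentlyContinue)

$findings = foreach ($dir in $dirs) {
    foreach ($ace in (Get-Acl -LiteralPath $dir.FullName).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # orphaned account: cannot be one of the broad groups
        if ($broadSids.ContainsKey($sid) -and (([int]$ace.FileSystemRights) -band $writeMask)) {
            [pscustomobject]@{
                Path      = $dir.FullName
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # inherited ACEs must be fixed on the parent
            }
        }
    }
}

$findings | Format-Table -AutoSize
if ($findings) { exit 1 }   # non-zero exit so a compliance job can flag the host
```

An empty result means none of the three groups holds a write-capable Allow entry on the tree; entries with `Inherited` set to `True` need the change made on the parent folder.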

Weakness Enumeration

Incorrect Permission

Related Identifiers

BDU:2019-00829
CVE-2018-0422
ZDI-18-998

Affected Products

Cisco Webex Network Recording Player
Cisco Webex Meetings
Cisco Webex Meetings Server
Cisco Webex Meetings Suite
Cisco Webex Meetings Client For Windows