PT-2019-1381 · Cisco · Cisco Jabber Client Framework

Published

2019-01-09

Updated

2020-08-28

CVE-2018-0449

CVSS v2.0

5.2

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions Cisco Jabber Client Framework (affected versions not specified)

Description The issue is related to insecure directory permissions set on a directory created by the Cisco Jabber Client Framework, allowing an authenticated, local attacker to corrupt arbitrary files on an affected device with elevated privileges. An attacker could create a hard link to an arbitrary location on the system, potentially allowing files to be created in any location on the disk or an arbitrary file to be corrupted when it is appended to or overwritten. The vulnerability exists due to improper handling of permissions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732CWE-275

Related Identifiers

BDU:2019-00743

CVE-2018-0449

Affected Products

Cisco Jabber Client Framework

PT-2019-1381 · Cisco · Cisco Jabber Client Framework

CVE-2018-0449

Weakness Enumeration

Related Identifiers

Affected Products

References · 5