CVE-2019-1674

Name of the Vulnerable Software and Affected Versions Cisco Webex Meetings Desktop App versions prior to 33.6.6 and 33.9.1 Cisco Webex Productivity Tools versions prior to 33.0.7

Description A vulnerability in the update service could allow an authenticated, local attacker to execute arbitrary commands as a privileged user due to insufficient validation of user-supplied parameters. An attacker could exploit this by invoking the update service command with a crafted argument, potentially running arbitrary commands with SYSTEM user privileges. In Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.

Recommendations For Cisco Webex Meetings Desktop App versions prior to 33.6.6 and 33.9.1, update to Release 33.6.6 or 33.9.1. For Cisco Webex Productivity Tools versions prior to 33.0.7, update to Release 33.0.7. As a temporary workaround, consider restricting access to the update service command until a patch is applied.