CVE-2019-1794

Name of the Vulnerable Software and Affected Versions Cisco Directory Connector (affected versions not specified)

Description The issue is related to uncontrolled search path elements in the search path processing of Cisco Directory Connector. This could allow an authenticated, local attacker to load a binary of their choosing by placing it earlier in the search path utilized by the connector to locate and load required resources. The vulnerability is also associated with errors in the mechanism for checking the search path of dynamically loaded libraries (DLL), which could enable an attacker to gain unauthorized access to protected information by loading an arbitrary binary file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.