PT-2019-4237 · Cisco · Cisco Webex Team+2

John Tear · Published 2019-11-20 · Updated 2019-12-11 · CVE-2019-16001

CVSS v3.1: 5.3 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Cisco Webex Teams for Windows (affected versions not specified)
Cisco Webex Meetings Client (affected versions not specified)
Cisco Webex Team (affected versions not specified)

Description

A vulnerability in the loading mechanism of specific dynamic link libraries could allow an authenticated, local attacker to perform a DLL hijacking attack. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the vulnerable application is launched. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user account.

Recommendations

For Cisco Webex Teams for Windows, consider disabling the loading of external DLL files until a patch is available. For Cisco Webex Meetings Client, restrict access to the vulnerable DLL loading mechanism to minimize the risk of exploitation. For Cisco Webex Team, avoid using the vulnerable application until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

BDU:2019-04838
CVE-2019-16001

Affected Products

Cisco Webex Meetings Client
Cisco Webex Team
Cisco Webex Teams For Windows