CVE-2019-16000

Name of the Vulnerable Software and Affected Versions Cisco Umbrella Roaming Client for Windows (affected versions not specified)

Description A vulnerability in the automatic update process could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. The issue is due to insufficient verification of the Windows Installer. An attacker could exploit this by placing a file in a specific location in the Windows file system, potentially bypassing configured policy and installing unapproved applications.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.