PT-2020-5076 · Cisco · Cisco Webex Teams

Hou Jingyi · Published 2020-10-07 · Updated 2020-10-23 · CVE-2020-3535

CVSS v3.1: 8.4 High

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Cisco Webex Teams for Windows (affected versions not specified)

Description: The issue is related to errors in handling directory paths, which can be exploited by an attacker to load a malicious library. This can occur when a malicious DLL file is placed in a specific location on the targeted system, allowing the attacker to execute arbitrary code with the privileges of another user's account. The attacker needs valid credentials on the Windows system to exploit this vulnerability.

Recommendations: To resolve the issue, update to a version of Cisco Webex Teams for Windows that correctly handles directory paths at run time. As a temporary workaround, consider restricting access to the directory where the DLL files are loaded to minimize the risk of exploitation. Avoid placing untrusted DLL files in locations where they could be loaded by the vulnerable application.

Fix

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

BDU:2020-05665
CVE-2020-3535

Affected Products

Cisco Webex Teams