Privilege escalation in Cisco Webex Meetings Desktop App and Webex Productivity Tools

1) OS Command Injection

EUVDB-ID: #VU17883

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-1674

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: Yes

Description

The vulnerability allows a local user to execute arbitrary code on the target system with elevated privileges.

The vulnerability exists due to improper input validation when processing parameters passed via CLI. A local user can launch the application with a specially crafted argument and execute arbitrary OS command with SYSTEM privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Webex Productivity Tools: 33.0.0 - 33.0.6

Cisco Webex Meetings Desktop App: 33.6.0 - 33.6.5

CPE2.3

• cpe:2.3:a:cisco_systems:cisco_webex_productivity_tools:33.0.6:*:*:*:*:*:*:*
• cpe:2.3:a:cisco_systems:cisco_webex_productivity_tools:33.0.5:*:*:*:*:*:*:*
• cpe:2.3:a:cisco_systems:cisco_webex_productivity_tools:33.0.4:*:*:*:*:*:*:*
• cpe:2.3:a:cisco_systems:cisco_webex_meetings_desktop_app:33.6.5:*:*:*:*:*:*:*
• cpe:2.3:a:cisco_systems:cisco_webex_meetings_desktop_app:33.6.4:*:*:*:*:*:*:*
• cpe:2.3:a:cisco_systems:cisco_webex_meetings_desktop_app:33.6.0:*:*:*:*:*:*:*

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-wmda-cmdinj

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.