TTCSIRT-162.090718: TT-CSIRT Advisory – Cisco Security Updates

TTCSIRT-162.090718: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that it has discovered a vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. This issue is due to folder permissions that grant a user the permission to read, write and execute files in the Webex folders.

An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targeted device. A successful exploit could allow a user to execute commands with elevated privileges.

Further information on this vulnerability and how it can be mitigated can be found on the Cisco Website at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-pe