Cisco has identified a vulnerability in its Webex Meetings Desktop App and Webex Productivity Tools. By invoking the update service command with a crafted argument, an authenticated, local attacker could run arbitrary commands with SYSTEM level user privileges. The vulnerability may also be exploited remotely in Active Directory deployments by leveraging operating system remote management tools.
Cisco has released the following software updates to remediate the vulnerability:
- Cisco Webex Meetings Desktop App Release 33.6.6 and 33.9.1; and
- Cisco Webex Productivity Tools Release 33.0.7
For additional information, please visit: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-wmda-cmdinj?emailclick=CNSemail