Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability
Vulnerability Description
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Cisco Webex Meetings Desktop App和Webex Productivity Tools 操作系统命令注入漏洞
Vulnerability Description
Cisco Webex Meetings Desktop App和Webex Productivity Tools都是美国思科(Cisco)公司的产品。Cisco Webex Meetings Desktop App是一款视频会议解决方案的桌面应用程序。Webex Productivity Tools是一款视频会议预约、管理工具。update service是其中的一个更新服务。 基于Windows平台的Cisco Webex Meetings Desktop App 33.6.0之前版本和Webex P
CVSS Information
N/A
Vulnerability Type
N/A