Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability
Vulnerability Description
A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
对搜索路径元素未加控制
Vulnerability Title
Cisco Webex Teams代码问题漏洞
Vulnerability Description
Cisco Webex Teams是美国思科(Cisco)公司的一款用于团队协作的软件。该软件可为团队提供线上沟通,拥有共享文件、数字白板、视频会议等功能。 多款 Cisco 产品中存在代码问题漏洞,该漏洞源于运行时对目录路径的不正确处理造成的,攻击者通过获得有效Windows凭据后,可利用该漏洞对受影响的设备执行DLL注入攻击。以下产品及型号受到影响: Cisco Webex meeting Desktop App for Windows、Cisco Webex meeting Server、Cisco
CVSS Information
N/A
Vulnerability Type
N/A