Multiple Cisco Products CVE-2019-1674 Local Command Injection Vulnerability

Multiple Cisco Products are prone to an local command-injection vulnerability.

An attacker may exploit this issue to inject and execute arbitrary commands with SYSTEM user privileges; this may aid in further attacks.

This issue being tracked by Cisco Bug ID CSCvn55874.

Information

Bugtraq ID: 107184
Class: Input Validation Error
CVE:
Remote: No
Local: Yes
Published: Feb 27 2019 12:00AM
Updated: Feb 27 2019 12:00AM
Credit: Marcos Accossatto from SecureAuth
Vulnerable: Cisco WebEx Productivity Tools 33.0.5
Cisco WebEx Productivity Tools 32.6
Cisco Webex Meetings Online T33.6.2
Cisco Webex Meetings Online T33.6.1
Cisco Webex Meetings Online T33.6.0
Cisco Webex Meetings Online T33.0.5
Cisco Webex Meetings Desktop App 0

Not Vulnerable: Cisco WebEx Productivity Tools 33.0.7
Cisco Webex Meetings Desktop App 33.6.6

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

• Cisco Homepage (Cisco )
  
• Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Servi (Cisco)
  
• Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 ()
  

Source: www.securityfocus.com