Multiple Cisco Products CVE-2019-1674 Local Command Injection Vulnerability

Multiple Cisco Products are prone to an local command-injection vulnerability.

An attacker may exploit this issue to inject and execute arbitrary commands with SYSTEM user privileges; this may aid in further attacks.

This issue being tracked by Cisco Bug ID CSCvn55874.


Bugtraq ID: 107184
Class: Input Validation Error
Remote: No
Local: Yes
Published: Feb 27 2019 12:00AM
Updated: Feb 27 2019 12:00AM
Credit: Marcos Accossatto from SecureAuth
Vulnerable: Cisco WebEx Productivity Tools 33.0.5
Cisco WebEx Productivity Tools 32.6
Cisco Webex Meetings Online T33.6.2
Cisco Webex Meetings Online T33.6.1
Cisco Webex Meetings Online T33.6.0
Cisco Webex Meetings Online T33.0.5
Cisco Webex Meetings Desktop App 0

Not Vulnerable: Cisco WebEx Productivity Tools 33.0.7
Cisco Webex Meetings Desktop App 33.6.6


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Related Posts