7.3 - CVE-2018-0422

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2018-0422	First vendor Publication	2018-10-05
Vendor	Cve	Last vendor Modification	2019-10-03

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Overall CVSS Score	7.3
Base Score	7.3	Environmental Score	7.3
impact SubScore	5.9	Temporal Score	7.3
Exploitabality Sub Score	1.3

Attack Vector	Local	Attack Complexity	Low
Privileges Required	Low	User Interaction	Required
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	6.9	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targeted device. A successful exploit could allow a user to execute commands with elevated privileges. Attacks on single-user systems are less likely to occur, as the attack must be carried out by the user on the user's own system. Multiuser systems have a higher risk of exploitation because folder permissions have an impact on all users of the device. For an attacker to exploit this vulnerability successfully, a second user must execute the locally installed malicious file to allow remote code execution to occur.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0422

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-732	Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Cisco Webex Business Suite 31 cpe:2.3:a:cisco:webex_business_suite_31::::::::	1
Application	Cisco Webex Business Suite 32 cpe:2.3:a:cisco:webex_business_suite_32:32.15.10:::::::* cpe:2.3:a:cisco:webex_business_suite_32:::::::: cpe:2.3:a:cisco:webex_business_suite_32:-:::::::*	3
Application	Cisco Webex Business Suite 33 cpe:2.3:a:cisco:webex_business_suite_33:33.3:::::::* cpe:2.3:a:cisco:webex_business_suite_33:33.2:::::::* cpe:2.3:a:cisco:webex_business_suite_33:33.1:::::::* cpe:2.3:a:cisco:webex_business_suite_33:33.0:::::::* cpe:2.3:a:cisco:webex_business_suite_33::::::::	5
Application	Cisco Webex Meetings Online cpe:2.3:a:cisco:webex_meetings_online:1.3.35:::::::* cpe:2.3:a:cisco:webex_meetings_online:1.3.33:::::::* cpe:2.3:a:cisco:webex_meetings_online:wbs42.2.1-1:::::::* cpe:2.3:a:cisco:webex_meetings_online:t39.6.0:::::::* cpe:2.3:a:cisco:webex_meetings_online:t39.3:::::::* cpe:2.3:a:cisco:webex_meetings_online:t33.6.2:::::::* cpe:2.3:a:cisco:webex_meetings_online:t33.6.1:::::::* cpe:2.3:a:cisco:webex_meetings_online:t33.6.0:::::::* cpe:2.3:a:cisco:webex_meetings_online:t33.5.1:::::::* cpe:2.3:a:cisco:webex_meetings_online:t33.4.0:::::::* cpe:2.3:a:cisco:webex_meetings_online:t33.3.5:::::::* cpe:2.3:a:cisco:webex_meetings_online:t33.0.5:::::::* cpe:2.3:a:cisco:webex_meetings_online:t32.9:::::::* cpe:2.3:a:cisco:webex_meetings_online:t32.7:::::::* cpe:2.3:a:cisco:webex_meetings_online:t32:::::::* cpe:2.3:a:cisco:webex_meetings_online:t31.23.2:::::::* cpe:2.3:a:cisco:webex_meetings_online:t31.23:::::::* cpe:2.3:a:cisco:webex_meetings_online:t31.20.2:::::::* cpe:2.3:a:cisco:webex_meetings_online:t31.20:::::::* cpe:2.3:a:cisco:webex_meetings_online:t31:::::::* cpe:2.3:a:cisco:webex_meetings_online:t30:::::::* cpe:2.3:a:cisco:webex_meetings_online:::::::: cpe:2.3:a:cisco:webex_meetings_online:-:::::::*	23
Application	Cisco Webex Meetings Server cpe:2.3:a:cisco:webex_meetings_server:3.0mr2:p1:::::: cpe:2.3:a:cisco:webex_meetings_server:3.0mr2:::::::* cpe:2.3:a:cisco:webex_meetings_server:3.0%281%29:::::::* cpe:2.3:a:cisco:webex_meetings_server:3.0(1):::::::* cpe:2.3:a:cisco:webex_meetings_server:3.0:::::::* cpe:2.3:a:cisco:webex_meetings_server:3.0:-:::::: cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:::::: cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2_patch1:::::: cpe:2.3:a:cisco:webex_meetings_server:3.0:mr1:::::: cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:::::: cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:::::: cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:::::* cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2:::::: cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3:::::: cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4:::::: cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4:::::: cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5:::::: cpe:2.3:a:cisco:webex_meetings_server:2.8%281%29:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.8(1):::::::* cpe:2.3:a:cisco:webex_meetings_server:2.8_base:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.8:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.8:base:::::: cpe:2.3:a:cisco:webex_meetings_server:2.7.1:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.7.0:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:patch_1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:patch1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:p1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:patch_1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:patch1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.7_base:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.7:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.7:base:::::: cpe:2.3:a:cisco:webex_meetings_server:2.7:maintenance_release1_patch1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.7:maintenance_release2_patch1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.6.1.39:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.6.0.8:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.6.0:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:p1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:patch_1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:patch_2:::::: cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:patch1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:patch2:::::: cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:p1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:patch_1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:patch1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:p1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:patch_1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:patch1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.6_base:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.6:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.6:maintenance_release1_patch1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.6:maintenance_release2_patch1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.6:maintenance_release3_patch1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.6:maintenance_release3_patch2:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5(1):::::::* cpe:2.3:a:cisco:webex_meetings_server:2.5.99.2:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.5.1.5:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.5.1.29:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.5.0.997:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p2:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p3:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch_1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch_2:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch_3:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch_4:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch3:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch4:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch2:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:p1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:patch_1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:patch1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5_mr4:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.5_mr3:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:p1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:patch_1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:patch1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5_mr1:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.5_base:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.5:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.5:maintenance_release2_patch1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5:maintenance_release5_patch1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5:maintenance_release6_patch2:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5:maintenance_release6_patch3:::::: cpe:2.3:a:cisco:webex_meetings_server:2.5:maintenance_release6_patch4:::::: cpe:2.3:a:cisco:webex_meetings_server:2.0.1.107:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p2:::::: cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p3:::::: cpe:2.3:a:cisco:webex_meetings_server:2.0_mr8:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.0_mr8:p1:::::: cpe:2.3:a:cisco:webex_meetings_server:2.0_mr7:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.0_mr6:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.0_mr5:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.0_mr4:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.0_mr3:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.0_mr2:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.0_base:::::::* cpe:2.3:a:cisco:webex_meetings_server:2.0:::::::* cpe:2.3:a:cisco:webex_meetings_server:1.5(.1.6):::::::* cpe:2.3:a:cisco:webex_meetings_server:1.5.1.6:::::::* cpe:2.3:a:cisco:webex_meetings_server:1.5.1.131:::::::* cpe:2.3:a:cisco:webex_meetings_server:1.5_base:::::::* cpe:2.3:a:cisco:webex_meetings_server:1.5:::::::* cpe:2.3:a:cisco:webex_meetings_server:1.1_base:::::::* cpe:2.3:a:cisco:webex_meetings_server:1.1:::::::* cpe:2.3:a:cisco:webex_meetings_server:1.0:::::::* cpe:2.3:a:cisco:webex_meetings_server:t39.3:::::::* cpe:2.3:a:cisco:webex_meetings_server:t31.11.2:::::::* cpe:2.3:a:cisco:webex_meetings_server:t31:sp3:::::: cpe:2.3:a:cisco:webex_meetings_server:t30:::::::* cpe:2.3:a:cisco:webex_meetings_server:t29:::::::* cpe:2.3:a:cisco:webex_meetings_server:::::::: cpe:2.3:a:cisco:webex_meetings_server:-:::::::*	123

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/105281
CISCO	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
SECTRACK	http://www.securitytracker.com/id/1041681

Alert History

If you want to see full details history, please login or register.

Date	Informations
2022-04-15 01:32:50	Multiple Updates
2021-12-17 01:29:26	Multiple Updates
2021-02-09 12:21:48	Multiple Updates
2021-01-21 01:20:39	Multiple Updates
2020-11-21 01:20:50	Multiple Updates
2020-11-20 01:20:38	Multiple Updates
2020-10-07 12:20:07	Multiple Updates
2020-05-24 01:23:08	Multiple Updates
2020-05-23 02:09:27	Multiple Updates
2020-05-23 01:05:06	Multiple Updates
2019-10-03 09:20:42	Multiple Updates
2019-08-15 12:06:34	Multiple Updates
2019-05-21 01:00:31	Multiple Updates
2019-02-06 21:19:12	Multiple Updates
2018-10-07 17:19:23	Multiple Updates
2018-10-05 21:19:40	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	155
Sources(s)	3

	Related
6.9	cisco-sa-201809...
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)