CVE-2018-15442 – Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability

https://notcve.org/view.php?id=CVE-2018-15442

24 Oct 2018 — A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the ... • https://packetstorm.news/files/id/180809 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •