Rewterz Threat Advisory – Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability
November 5, 2020Rewterz Threat Advisory – Multiple VMware Security Vulnerabilities
November 5, 2020Rewterz Threat Advisory – Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability
November 5, 2020Rewterz Threat Advisory – Multiple VMware Security Vulnerabilities
November 5, 2020Severity
High
Analysis Summary
CVE-2020-3588
This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sending malicious messages to the affected software by using the virtualization channel interface. A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user.
Impact
Arbitrary Code Execution
Affected Vendors
Cisco
Affected Products
Cisco Webex Meetings Virtual Desktop Software for Windows
Remediation
Refer to Cisco advisory for the complete list of affected products and their respective patches.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ