Insufficient verification of data authenticity in Cisco Umbrella Roaming Client for Windows

Published: 2020-01-27

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2019-16000
CWE-ID	CWE-345
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Cisco Umbrella Roaming for Windows Client/Desktop applications / Other client software
Vendor	Cisco Systems, Inc

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Insufficient verification of data authenticity

EUVDB-ID: #VU24679

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-16000

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a local user to install arbitrary, unapproved applications on a targeted device.

The vulnerability exists in the automatic update process due to insufficient verification of the Windows Installer. A local administrator can place a file in a specific location in the Windows file system, bypass configured policy and install unapproved applications.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Umbrella Roaming for Windows: 2.2.238

CPE2.3

cpe:2.3:a:cisco_systems:cisco_umbrella_roaming_for_windows:2.2.238:*:*:*:*:*:*:*

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-umbrella-msi-install

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.