Insecure DLL loading in Cisco Systems, Inc products - CVE-2021-1536
Published: June 3, 2021
Vulnerability identifier: #VU53759
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1536
CWE-ID: CWE-427
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Webex Meetings Client for Windows
Cisco Webex Teams
Cisco WebEx Meetings Server
Cisco WebEx Network Recording Player
Cisco Webex Meetings Client for Windows
Cisco Webex Teams
Cisco WebEx Meetings Server
Cisco WebEx Network Recording Player
Detailed vulnerability description
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to incorrect handling of directory paths at run time. A local user can place a specially crafted .dll file and execute arbitrary code on victim's system.
How to mitigate CVE-2021-1536
Install updates from vendor's website.