Main Vulnerability Database Vulnerabilities #VU20870

#VU20870 Incorrect permissions in Cisco Jabber Client Framework - CVE-2019-12645

Published: September 5, 2019 / Updated: September 5, 2019

Vulnerability identifier: #VU20870

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-12645

CWE-ID: CWE-276

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Jabber Client Framework

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local user to execute arbitrary code on the target device.

The vulnerability exists due to improper file level permissions on an affected device when it is running a vulnerable software. A local authenticated user can modify certain configuration files and execute arbitrary code with privileges of the installed Cisco JCF for Mac Software.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-jcf-codex