{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2020-047.pdf"
    },
    "title": "Cisco Webex Teams Client Vulnerability",
    "serial_number": "2020-047",
    "publish_date": "09-10-2020 09:57:00",
    "description": "On 7 October 2020, Cisco released three security advisories with an impact evaluated as High. One of them affects the Windows client version of Cisco Webex Teams. The vulnerability is a DLL hijacking vulnerability that an attacker with a foothold on a system could potentially use to have another user execute a malicious DLL when Cisco Webex Teams starts.<br>There are no known attacks leveraging this vulnerability, and no proof-of-concept is available for now.",
    "url_title": "2020-047",
    "content_markdown": "---\ntitle: 'Cisco Webex Teams Client Vulnerability'\nversion: '1.0'\nnumber: '2020-047'\ndate: 'October 9, 2020'\n---\n\n_History:_\n\n* _9/10/2020 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn 7 October 2020, Cisco released three security advisories with an impact evaluated as *High* [1]. One of them affects the Windows client version of *Cisco Webex Teams* [2]. The vulnerability is a DLL hijacking vulnerability that an attacker with a foothold on a system could potentially use to have another user execute a malicious DLL when *Cisco Webex Teams* starts.\n\nThere are no known attacks leveraging this vulnerability, and no proof-of-concept is available for now.\n\n# Technical Details\n\nThe vulnerability was assigned *CVE-2020-3535* with a CVSS score of 7.8 [3].\n\nThere are no technical details available beyond the initial advisory from Cisco. Based on its description, the vulnerability is due to incorrect handling of directory paths at run time, meaning that an attacker can place a malicious file in a folder that is writable by everyone and have the application execute it when it starts.\n\nIf a high-privileged user of the system starts the application, the attacker can escalate their privileges on the system.\n\n# Products Affected\n\nThis vulnerability affects the following Cisco Webex Teams Client for Windows versions:\n\n* 3.0.13464.0 through 3.0.16040.0\n\nNon-Windows versions are not affected.\n\n# Recommendations\n\nCERT-EU recommends updating Cisco Webex Teams Client for Windows to the latest version as soon as possible.\n\n# References\n\n[1] <https://tools.cisco.com/security/center/publicationListing.x>\n\n[2] <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-dll-drsnH5AN>\n\n[3] <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3535>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>9/10/2020 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On 7 October 2020, Cisco released three security advisories with an impact evaluated as <em>High</em> [1]. One of them affects the Windows client version of <em>Cisco Webex Teams</em> [2]. The vulnerability is a DLL hijacking vulnerability that an attacker with a foothold on a system could potentially use to have another user execute a malicious DLL when <em>Cisco Webex Teams</em> starts.</p><p>There are no known attacks leveraging this vulnerability, and no proof-of-concept is available for now.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability was assigned <em>CVE-2020-3535</em> with a CVSS score of 7.8 [3].</p><p>There are no technical details available beyond the initial advisory from Cisco. Based on its description, the vulnerability is due to incorrect handling of directory paths at run time, meaning that an attacker can place a malicious file in a folder that is writable by everyone and have the application execute it when it starts.</p><p>If a high-privileged user of the system starts the application, the attacker can escalate their privileges on the system.</p><h2 id=\"products-affected\">Products Affected</h2><p>This vulnerability affects the following Cisco Webex Teams Client for Windows versions:</p><ul><li>3.0.13464.0 through 3.0.16040.0</li></ul><p>Non-Windows versions are not affected.</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends updating Cisco Webex Teams Client for Windows to the latest version as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://tools.cisco.com/security/center/publicationListing.x\">https://tools.cisco.com/security/center/publicationListing.x</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" 
href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-dll-drsnH5AN\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-dll-drsnH5AN</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3535\">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3535</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}