By 
Cisco has fixed a high-severity vulnerability in its Webex video conferencing platform for the third time. At this, Cisco Systems is expecting three times charm fixing it once again. The networking giant has announced a third fix for a obstinate high-severity vulnerability in its Webex Meetings platform soon after the analysts detected once again a method to bypass the last patch.
The perquisite elevation flaw – CVE-2019-1674 that exists in the service modification for Windows of Cisco Webex Meetings Desktop App, and could permit an genuine striker to acquire SYSTEM user advantages and run absolute commands. Cisco had primary fixed the fundamental privilege-escalation flaw last year in October before this latest bypass, and then again the researchers found with SecureAuth bypassed that fixed last year in November.
“The update service of Cisco Webex Meetings Desktop App for Windows does not properly validate version numbers of new files,” said SecureAuth researchers in a Wednesday post. “An unprivileged local attacker could exploit this vulnerability by invoking the update service command with a crafted argument and folder. This will allow the attacker to run arbitrary commands with SYSTEM user privileges.”
The analysts informed Cisco about the current bypass on December 4, 2018 and Cisco then announced a fix and advisory over it on February 27, 2018.
Cisco Webex Meetings Desktop App’s influenced different versions, between 33.8.2.7 and 33.6.4.15. the older versions are likely impacted also, however they were not looked at, analysts stated. The flaw is patched in Cisco Webex Meetings Desktop App Release 33.9.1 and 33.6.6 announces and in Cisco Webex Productivity Tools Release 33.0.7.
Analysts stated that the flaw stems from the modern service of the tool unsuccessful to authorize version numbers of new data files, fundamentally providing the striker with elevated advantages by raising the modern service command along with a crafted statement and folder.
The researchers stated that the flaw appears with cautions, the striker would require to be authenticated and local first before introducing a threat. The striker could supercede the newer binary along with early vulnerable version via a bogus update, which will load a harmful spirited link library. This will let the striker to run absolute commands along with SYSTEM user advantages.
The flaw can be employed by copying the binary to a native striker controller folder at a more technical level, and naming it again. Then, an earlier version of the update binary data file would be condensed as 7z and identical version to the controller folder.
A harmful dynamic link library must merely be kept in the similar folder, named vcruntime140.dll and condensed as vcruntime140.7z.
Eventually, the researchers stated that a ptUpdate.xml file must be offered in the controller folder for the newer binary to treat the data files as a average update.
“To gain privileges, the attacker must start the service with the command line: sc start webexservice WebexService 1 989898 ‘attacker-controlled-path,” they said. “Cisco is committed to transparency,” a Cisco spokesperson told Threatpost. “When security issues arise, we handle them openly and as a matter of top priority, so our customers understand the issue and how to address it. On February 27, Cisco published a security advisory about a vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows. Cisco has released software updates that address this vulnerability.”
