Sign-up

ID

VAR-201604-0545


CVE

CVE-2016-4349


TITLE

Cisco WebEx Productivity Tools Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2016-002414

DESCRIPTION

Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll, riched20.dll, rpcrtremote.dll, secur32.dll, sxs.dll, or uxtheme.dll file in the current working directory, aka Bug ID CSCuy56140. Vendors have confirmed this vulnerability Bug ID CSCuy56140 It is released as. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlA local user can create a Trojan horse in the current working directory. cryptsp.dll , dwmapi.dll , msimg32.dll , ntmarta.dll , propsys.dll , riched20.dll , rpcrtremote.dll , secur32.dll , sxs.dll Or uxtheme.dll It may be possible to get permission through the file. A local attacker can leverage these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. dll, uxtheme.dll) exploit this vulnerability to gain permissions

Trust: 1.98

sources: NVD: CVE-2016-4349 // JVNDB: JVNDB-2016-002414 // BID: 89341 // VULHUB: VHN-93168

AFFECTED PRODUCTS

vendor:ciscomodel:webex productivity toolsscope:eqversion:2.40.5001.10012

Trust: 2.4

sources: JVNDB: JVNDB-2016-002414 // CNNVD: CNNVD-201604-624 // NVD: CVE-2016-4349

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4349
value: HIGH

Trust: 1.0

NVD: CVE-2016-4349
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201604-624
value: HIGH

Trust: 0.6

VULHUB: VHN-93168
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4349
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93168
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4349
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-93168 // JVNDB: JVNDB-2016-002414 // CNNVD: CNNVD-201604-624 // NVD: CVE-2016-4349

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2016-002414 // NVD: CVE-2016-4349

THREAT TYPE

local

Trust: 0.9

sources: BID: 89341 // CNNVD: CNNVD-201604-624

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201604-624

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002414

PATCH
title:Cisco WebExurl:https://www.webex.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-002414

EXTERNAL IDS
db:NVDid:CVE-2016-4349
Trust: 2.8
db:JVNDBid:JVNDB-2016-002414
Trust: 0.8
db:CNNVDid:CNNVD-201604-624
Trust: 0.7
db:BIDid:89341
Trust: 0.4
db:VULHUBid:VHN-93168
Trust: 0.1
sources:
            
            
            VULHUB: VHN-93168 // 
            
            
            
            BID: 89341 // 
            
            
            
            JVNDB: JVNDB-2016-002414 // 
            
            
            
            CNNVD: CNNVD-201604-624 // 
            
            
            
            NVD: CVE-2016-4349

REFERENCES
url:https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2016/04/webex-productivity-tools/
Trust: 2.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4349
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4349
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-93168 // 
            
            
            
            BID: 89341 // 
            
            
            
            JVNDB: JVNDB-2016-002414 // 
            
            
            
            CNNVD: CNNVD-201604-624 // 
            
            
            
            NVD: CVE-2016-4349

CREDITS
Jose Hernandez, Jacob Faires, and Solutionary Engineering Research Team (SERT)
Trust: 0.3
sources:
            
            
            BID: 89341

SOURCES
db:VULHUBid:VHN-93168
db:BIDid:89341
db:JVNDBid:JVNDB-2016-002414
db:CNNVDid:CNNVD-201604-624
db:NVDid:CVE-2016-4349

LAST UPDATE DATE
2025-04-12T23:31:19.485000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-93168date:2016-05-04T00:00:00
db:BIDid:89341date:2016-04-18T00:00:00
db:JVNDBid:JVNDB-2016-002414date:2016-05-06T00:00:00
db:CNNVDid:CNNVD-201604-624date:2016-04-29T00:00:00
db:NVDid:CVE-2016-4349date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-93168date:2016-04-28T00:00:00
db:BIDid:89341date:2016-04-18T00:00:00
db:JVNDBid:JVNDB-2016-002414date:2016-05-06T00:00:00
db:CNNVDid:CNNVD-201604-624date:2016-04-29T00:00:00
db:NVDid:CVE-2016-4349date:2016-04-28T22:59:02.507