How severe is CVE-2018-0422?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2018-0422?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2018-0422 - HIGH Severity | CVSS 7.3

Vulnerability Description

A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targeted device. A successful exploit could allow a user to execute commands with elevated privileges. Attacks on single-user systems are less likely to occur, as the attack must be carried out by the user on the user's own system. Multiuser systems have a higher risk of exploitation because folder permissions have an impact on all users of the device. For an attacker to exploit this vulnerability successfully, a second user must execute the locally installed malicious file to allow remote code execution to occur.

Related Vulnerabilities

CVE-2018-12335

HIGH

CVSS:7.3(High)

Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestric...

CWE-7322018

CVE-2018-18098

HIGH

CVSS:7.3(High)

Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access.

CWE-7322018

CVE-2018-19113

HIGH

CVSS:7.3(High)

The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronesto...

CWE-7322018

CVE-2019-12876

HIGH

CVSS:7.3(High)

Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.

CWE-7322019

CVE-2019-13208

HIGH

CVSS:7.3(High)

WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1....

CWE-7322019

CVE-2020-10140

HIGH

CVSS:7.3(High)

Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can ach...

CWE-7322020