Cisco WebEx Meetings for Android Custom Permissions Vulnerability

cisco-sa-20151201-wmc · Medium · Published 10 years ago · Updated 10 years ago

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

A vulnerability in the custom application permissions handling for Cisco WebEx Meetings for Android could allow an unauthenticated, remote attacker to change platform-specific permissions of a custom application. The vulnerability is due to the way custom application permissions are assigned at initialization. An attacker could exploit this vulnerability by downloading a malicious Android application to the mobile device. An exploit could allow the attacker to utilize the custom application to silently acquire the same permissions as the WebEx application. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-wmc

Cisco advisory ·CSAF JSON

Workarounds

Workarounds are not available.

CVEs	CVE-2015-6384
Cisco Bug IDs	CSCuw86442
CVSS Score	Base 4.3 Base 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C

Products with public affected evidence

Product	CVE	Affected evidence
Cisco WebEx Meetings for Android	CVE-2015-6384	structured affected CSAF product_status