A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. The vulnerability is due to insufficient verification of the Windows Installer. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows file system. A successful exploit could allow the attacker to bypass configured policy and install unapproved applications.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2020-09-23T00:26:55.488486Z
Updated: 2024-09-17T01:11:14.808Z
Reserved: 2019-09-06T00:00:00
Link: CVE-2019-16000
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-09-23T01:15:13.473
Modified: 2020-09-28T18:50:34.177
Link: CVE-2019-16000
Redhat
No data.