Situation
Two high-severity vulnerabilities were found within the Cisco Umbrella platform.
Problem
Within the Cisco umbrella platform, the Umbrella Roaming Client runs as System on startup and consumes several files within a directory. It has been discovered that local users had the ability to write data to this directory. As a result, malicious files could be placed within the directory and ran to create or elevate user permissions.
Implication
An attacker could gain full administrative privileges on the system and the ability to take full control of the machine.
Need
To address the issue, users need to update their Cisco Umbrella platforms and make sure:
- Cisco Umbrella ERC is at least version 2.1.127 or later
- The roaming client is at least version 4.6.1098 or later.