Two high-severity vulnerabilities were found within the Cisco Umbrella platform.
Within the Cisco umbrella platform, the Umbrella Roaming Client runs as System on startup and consumes several files within a directory. It has been discovered that local users had the ability to write data to this directory. As a result, malicious files could be placed within the directory and ran to create or elevate user permissions.
An attacker could gain full administrative privileges on the system and the ability to take full control of the machine.
To address the issue, users need to update their Cisco Umbrella platforms and make sure:
- Cisco Umbrella ERC is at least version 2.1.127 or later
- The roaming client is at least version 4.6.1098 or later.