How severe is CVE-2019-16001?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2019-16001?

This is classified as CWE-427, which is a common weakness in software security.

CVE-2019-16001 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the vulnerable application is launched. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user account.

Related Vulnerabilities

CVE-2017-5147

MEDIUM

CVSS:5.3(Medium)

An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicio...

CWE-4272017

CVE-2019-5245

MEDIUM

CVSS:5.3(Medium)

HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DL...

CWE-4272019

CVE-2024-30117

MEDIUM

CVSS:5.3(Medium)

A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.

CWE-4272024

CVE-2019-1794

MEDIUM

CVSS:5.1(Medium)

A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled sea...

CWE-4272019

CVE-2020-25738

MEDIUM

CVSS:5.5(Medium)

CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a...

CWE-4272020

CVE-2020-8315

MEDIUM

CVSS:5.5(Medium)

In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.d...

CWE-4272020