CVE-2019-16000— Cisco Umbrella Roaming Client for Windows Install Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-16000
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Umbrella Roaming Client for Windows Install Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. The vulnerability is due to insufficient verification of the Windows Installer. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows file system. A successful exploit could allow the attacker to bypass configured policy and install unapproved applications.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对数据真实性的验证不充分
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Umbrella Roaming Client for Windows 数据伪造问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Umbrella是美国思科(Cisco)公司的一套云安全平台。该平台能够预防网络钓鱼、恶意软件和勒索软件等网络威胁。 基于Windows平台的Cisco Umbrella Roaming Client 2.2.238版本中的自动更新进程存在数据伪造问题漏洞,该漏洞源于程序没有进行充分的验证。本地攻击者可通过在Windows文件系统中放入文件利用该漏洞在目标设备上安装任意未经批准的应用程序。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco Umbrella Enterprise Roaming Client for Windows | n/a | - |
II. Public POCs for CVE-2019-16000
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-16000
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-umbrella-msi-installvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2019-16000
Same Patch Batch · Cisco · 2020-09-23 · 34 CVEs total
| CVE-2020-3569 | 8.6 HIGH | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities |
| CVE-2019-16023 | Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities | |
| CVE-2019-16021 | Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities | |
| CVE-2019-16025 | Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability | |
| CVE-2019-16028 | Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Byp | |
| CVE-2019-1736 | Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability | |
| CVE-2019-1888 | Cisco Unified Contact Center Express Privilege Escalation Vulnerability | |
| CVE-2019-1947 | Cisco Email Security Appliance Denial of Service Vulnerability | |
| CVE-2019-1983 | Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of S | |
| CVE-2020-3116 | Cisco Webex Centers Denial of Service Vulnerability | |
| CVE-2020-3117 | Cisco Web Security Appliance and Cisco Content Security Management Appliance HTTP Header I | |
| CVE-2020-3124 | Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability | |
| CVE-2020-3130 | Cisco Unity Connection Directory Traversal Vulnerability | |
| CVE-2020-3133 | Cisco Email Security Appliance Content Filter Bypass Vulnerability | |
| CVE-2020-3135 | Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability | |
| CVE-2020-3137 | Cisco Email Security Appliance Cross-Site Scripting Vulnerability | |
| CVE-2020-3143 | Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Tr | |
| CVE-2019-15283 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulne | |
| CVE-2019-16019 | Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities | |
| CVE-2019-16017 | Cisco Unified Customer Voice Portal Insecure Direct Object Reference Vulnerability |
Showing top 20 of 34 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-345
- CVE-2026-42575
apko doesn't verify downloaded apk packages against APKINDEX - CVE-2026-41432
New API: Stripe Webhook Signature Bypass via Empty Secret En - CVE-2026-42206
Roadiz OpenID Connect nonce generated but never validated — - CVE-2026-31835
Vaultwarden WebAuthn credential metadata tampered before sig - CVE-2026-43534
OpenClaw < 2026.4.10 - Unsanitized External Input in Agent H
V. Comments for CVE-2019-16000
No comments yet