CVE-2021-1410

Опубликовано: 18 нояб. 2024

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update distribution lists. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to modify an existing distribution list. A successful exploit could allow the attacker to modify a distribution list that belongs to a user other than themselves.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Ссылки

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:webex_meetings:39.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.7:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.7.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.7.7:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.8:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.8.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.8.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.8.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.9:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.9.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.10:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:39.11:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:40.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:40.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:40.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:40.4.10:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:40.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings:40.6.2:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00226

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-284

Связанные уязвимости

GHSA-j5h7-5c44-5mjv

CVSS3: 4.3

github

около 1 года назад

A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update distribution lists. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to modify an existing distribution list. A successful exploit could allow the attacker to modify a distribution list that belongs to a user other than themselves.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

BDU:2021-01244

CVSS3: 4.3

fstec

почти 5 лет назад

Уязвимость программного обеспечения веб-конференцсвязи Cisco Webex Meetings, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

EPSS

Процентиль: 45%

0.00226

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-284