Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-1525

Опубликовано: 04 июн. 2021
Источник: nvd
CVSS3: 4.7
CVSS3: 6.1
CVSS2: 5.8
EPSS Низкий

Описание

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. This vulnerability is due to improper validation of URL paths in the application interface. An attacker could exploit this vulnerability by persuading a user to follow a specially crafted URL that is designed to cause Cisco Webex Meetings to include a remote file in the web UI. A successful exploit could allow the attacker to cause the application to offer a remote file to a user, which could allow the attacker to conduct further phishing or spoofing attacks.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:webex_meetings_online:41.3.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*
Версия до 3.0 (исключая)
cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*
cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:*
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3_security_patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3_security_patch4:*:*:*:*:*:*

EPSS

Процентиль: 40%
0.00183
Низкий

4.7 Medium

CVSS3

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

github логотип

GHSA-7q8v-785j-jc5w

github
больше 3 лет назад

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. This vulnerability is due to improper validation of URL paths in the application interface. An attacker could exploit this vulnerability by persuading a user to follow a specially crafted URL that is designed to cause Cisco Webex Meetings to include a remote file in the web UI. A successful exploit could allow the attacker to cause the application to offer a remote file to a user, which could allow the attacker to conduct further phishing or spoofing attacks.

fstec логотип

BDU:2022-06347

CVSS3: 6.1
fstec
больше 4 лет назад

Уязвимость интерфейса программного обеспечения веб-конференцсвязи Cisco Webex Meetings Server и Cisco Webex Meetings, позволяющая нарушителю перенаправить пользователей на произвольный URL-адрес

EPSS

Процентиль: 40%
0.00183
Низкий

4.7 Medium

CVSS3

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601