CVE-2021-1311
Cisco Webex Meetings and Cisco Webex Meetings Server Host Key Brute Forcing Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting.
Una vulnerabilidad en la funcionalidad reclaim host role de host de Cisco Webex Meetings y Cisco Webex Meetings Server, podría permitir a un atacante remoto autenticado se haga cargo de la función de host durante una reunión. Esta vulnerabilidad se debe a la falta de protección contra la fuerza bruta de la clave del host. Un atacante podría explotar esta vulnerabilidad enviando solicitudes diseñadas a un sitio vulnerable de Cisco Webex Meetings o Webex Meetings Server. Una explotación con éxito requeriría que el atacante tuviera acceso para unirse a una reunión de Webex, incluidos los vínculos y las contraseñas correspondientes para unirse a la reunión. Una explotación con éxito podría permitir al atacante adquirir o asumir el rol de anfitrión de una reunión.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2020-11-13 CVE Reserved
- 2021-01-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-11-12 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-307: Improper Restriction of Excessive Authentication Attempts
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Webex Meetings Search vendor "Cisco" for product "Webex Meetings" | < 40.12.0 Search vendor "Cisco" for product "Webex Meetings" and version " < 40.12.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | < 3.0 Search vendor "Cisco" for product "Webex Meetings Server" and version " < 3.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 3.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "3.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 3.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "3.0" | maintenance_release1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 3.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "3.0" | maintenance_release2 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 3.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "3.0" | maintenance_release3 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 3.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "3.0" | maintenance_release4 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 4.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "4.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 4.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "4.0" | maintenance_release1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 4.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "4.0" | maintenance_release2 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 4.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "4.0" | maintenance_release3 |
Affected
| ||||||