CVE-2021-1410
Cisco Webex Meetings Unauthorized Distribution List Update Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization.
The vulnerability is due to insufficient authorization enforcement for requests to update distribution lists. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to modify an existing distribution list. A successful exploit could allow the attacker to modify a distribution list that belongs to a user other than themselves.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Una vulnerabilidad en la función de lista de distribución de Cisco Webex Meetings podría permitir que un atacante remoto autenticado modifique una lista de distribución que pertenece a otro usuario de su organización. La vulnerabilidad se debe a una aplicación insuficiente de la autorización para las solicitudes de actualización de listas de distribución. Un atacante podría aprovechar esta vulnerabilidad enviando una solicitud manipulada a la interfaz de Webex Meetings para modificar una lista de distribución existente. Una explotación exitosa podría permitir al atacante modificar una lista de distribución que pertenece a un usuario que no sea él mismo. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2020-11-13 CVE Reserved
- 2024-11-18 CVE Published
- 2024-11-18 CVE Updated
- 2024-11-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3 |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 39.7.7 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "39.7.7" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 39.9 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "39.9" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 40.4.10 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "40.4.10" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 39.6 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "39.6" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 40.6.2 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "40.6.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 39.8.2 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "39.8.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 39.8.4 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "39.8.4" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 40.1 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "40.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 39.11 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "39.11" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 39.7.4 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "39.7.4" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 39.9.1 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "39.9.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 40.4 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "40.4" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 40.6 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "40.6" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 39.7 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "39.7" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 39.8 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "39.8" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 39.8.3 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "39.8.3" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 40.2 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "40.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Webex Meetings Search vendor "Cisco" for product "Cisco Webex Meetings" | 39.10 Search vendor "Cisco" for product "Cisco Webex Meetings" and version "39.10" | en |
Affected
| ||||||