CVE-2021-1524
Cisco Meeting Server API Denial of Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this vulnerability by sending a malicious request to the API. A successful exploit could allow the attacker to cause all participants on a call to be disconnected, resulting in a DoS condition.
Una vulnerabilidad en la API de Cisco Meeting Server, podría permitir a un atacante remoto autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se presenta porque las peticiones que son enviadas a la API no son comprobadas apropiadamente. Un atacante podría explotar esta vulnerabilidad mediante el envio de una petición maliciosa a la API. Una explotación con éxito podría permitir al atacante causar que todos los participantes en una llamada se desconecten, resultando en una condición de DoS
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2020-11-13 CVE Reserved
- 2021-06-16 CVE Published
- 2024-09-17 EPSS Updated
- 2024-11-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | >= 3.1 < 3.1.1 Search vendor "Cisco" for product "Meeting Server" and version " >= 3.1 < 3.1.1" | - |
Affected
|