Cisco Webex Meetings Vulnerability: Modification of Distribution Lists by Unauthorized Users
CVE-2021-1410
Summary
A vulnerability in the distribution list feature of Cisco Webex Meetings allows an authenticated, remote attacker to modify distribution lists that belong to other users in the same organization. The flaw results from insufficient authorization enforcement when the service processes update requests for distribution lists. An attacker can exploit it by sending a crafted request to the Webex Meetings interface, which lets them modify distribution lists they are not entitled to access. Cisco has released updates that address this issue; no workarounds are available.
Affected Version(s)
Cisco Webex Meetings 39.7.7
Cisco Webex Meetings 39.9
Cisco Webex Meetings 40.4.10