Cisco Webex Meetings Vulnerability: Modification of Distribution Lists by Unauthorized Users
CVE-2021-1410

4.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Webex Meetings
Vendor: CVE Published:; 18 November 2024

What is CVE-2021-1410?

A vulnerability exists in the distribution list feature of Cisco Webex Meetings, enabling an authenticated remote attacker to alter distribution lists belonging to other users within the same organization. This flaw arises from inadequate enforcement of authorization checks when processing update requests for distribution lists. An attacker capable of exploiting this vulnerability can send a specially crafted request to the Webex Meetings interface, thereby gaining the ability to modify distribution lists they are not entitled to access. Cisco has released updates aimed at addressing this issue, with no workarounds available to mitigate the risk.

Affected Version(s)

Cisco Webex Meetings 39.7.7

Cisco Webex Meetings 39.9

Cisco Webex Meetings 40.4.10

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2024
Vulnerability Reserved
Nov 13, 2020