5.5

CVE-2021-1311

A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting.

Data is provided by the National Vulnerability Database (NVD)
CiscoWebex Meetings Version < 40.12.0
CiscoWebex Meetings Server Version < 3.0
CiscoWebex Meetings Server Version3.0 Update-
CiscoWebex Meetings Server Version3.0 Updatemaintenance_release1
CiscoWebex Meetings Server Version3.0 Updatemaintenance_release2
CiscoWebex Meetings Server Version3.0 Updatemaintenance_release3
CiscoWebex Meetings Server Version3.0 Updatemaintenance_release4
CiscoWebex Meetings Server Version4.0 Update-
CiscoWebex Meetings Server Version4.0 Updatemaintenance_release1
CiscoWebex Meetings Server Version4.0 Updatemaintenance_release2
CiscoWebex Meetings Server Version4.0 Updatemaintenance_release3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.29% 0.497
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.4 2.8 2.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:N/I:P/A:P
psirt@cisco.com 5.4 2.8 2.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.