CVE-2021-1517

EPSS 0.18%
Veröffentlicht 04.06.2021 17:15:08
Zuletzt bearbeitet 21.11.2024 05:44:31
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer feature. An attacker could exploit this vulnerability by sharing a file through the multimedia viewer feature. A successful exploit could allow the attacker to bypass security protections and prevent warning dialogs from appearing before files are offered to other users.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Webex Meetings Online Version41.3.5

Cisco ≫ Webex Meetings Server Version < 3.0

Cisco ≫ Webex Meetings Server Version3.0 Update-

Cisco ≫ Webex Meetings Server Version3.0 Updatemaintenance_release1

Cisco ≫ Webex Meetings Server Version3.0 Updatemaintenance_release2

Cisco ≫ Webex Meetings Server Version3.0 Updatemaintenance_release3

Cisco ≫ Webex Meetings Server Version4.0 Update-

Cisco ≫ Webex Meetings Server Version4.0 Updatemaintenance_release1

Cisco ≫ Webex Meetings Server Version4.0 Updatemaintenance_release2

Cisco ≫ Webex Meetings Server Version4.0 Updatemaintenance_release3

Cisco ≫ Webex Meetings Server Version4.0 Updatemaintenance_release3_security_patch3

Cisco ≫ Webex Meetings Server Version4.0 Updatemaintenance_release3_security_patch4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.362

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N
psirt@cisco.com	5	3.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-multimedia-26DpqVRO

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-1517

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-1517

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-1517

EUVD