CVE-2021-1310

CWE-601Open Redirect5 documents5 sources
Severity
4.7MEDIUM
EPSS
0.2%
top 59.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex MeetingsCisco Cisco Webex Meetings
Timeline
PublishedJan 13
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/webex_meetings< 40.11.1

🔴Vulnerability Details

2
GHSA
GHSA-mhr4-7h64-3vv5: A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an2022-05-24
CVEList
Cisco Webex Meetings Open Redirect Vulnerability2021-01-13

📋Vendor Advisories

2
Chrome
Stable Channel Update for Desktop: CVE-2022-13082022-04-11
Cisco
Cisco Webex Meetings Open Redirect Vulnerability2021-01-13
CVE-2021-1310 (MEDIUM CVSS 4.7) | A vulnerability in the web-based ma | cvebase.io