CVE-2021-1311

CWE-3074 documents4 sources
Severity
5.4MEDIUM
EPSS
0.4%
top 41.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Webex MeetingsCisco Webex Meetings ServerCisco Cisco Webex Meetings Server
Timeline
PublishedJan 13
Latest updateMay 24

Description

A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a W

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

NVDcisco/webex_meetings< 40.12.0

🔴Vulnerability Details

2
GHSA
GHSA-g93r-rwcj-f35x: A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker2022-05-24
CVEList
Cisco Webex Meetings and Cisco Webex Meetings Server Host Key Brute Forcing Vulnerability2021-01-13

📋Vendor Advisories

1
Cisco
Cisco Webex Meetings and Cisco Webex Meetings Server Host Key Brute Forcing Vulnerability2021-01-13
CVE-2021-1311 (MEDIUM CVSS 5.4) | A vulnerability in the reclaim host | cvebase.io