CVE-2021-1372Exposure of Sensitive Information Through Data Queries in Cisco Webex Meetings

CWE-202Exposure of Sensitive Information Through Data Queries6 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 75.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Webex MeetingsCisco Webex Meetings ServerCisco Webex Productivity Tools
Timeline
PublishedFeb 17
Latest updateMay 24

Description

A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the att

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDcisco/webex_meetings< 40.6+1

🔴Vulnerability Details

2
GHSA
GHSA-r5cq-f6p7-hpq4: A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain acce2022-05-24
CVEList
Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows Shared Memory Information Disclosure Vulnerability2021-02-17

📋Vendor Advisories

1
Cisco
Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows Shared Memory Information Disclosure Vulnerability2021-02-17

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Heap buffer overflow condition in Google Chrome could lead to code execution2022-01-11
Talos
Vulnerability Spotlight: Heap buffer overflow condition in Google Chrome could lead to code execution2022-01-11
CVE-2021-1372 — Cisco Webex Meetings vulnerability | cvebase