CVE-2021-1410

CWE-284Improper Access Control4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 57.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Webex MeetingsCisco Webex Meetings
Timeline
PublishedNov 18

Description

A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update distribution lists. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to modify an existing distribution list. A successful exploit could allow the attac

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/webex_meetings18 versions+17
CVEListV5cisco/cisco_webex_meetings18 versions+17

🔴Vulnerability Details

2
CVEList
Cisco Webex Meetings Unauthorized Distribution List Update Vulnerability2024-11-18
GHSA
GHSA-j5h7-5c44-5mjv: A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list t2024-11-18

📋Vendor Advisories

1
Cisco
Cisco Webex Meetings Unauthorized Distribution List Update Vulnerability2021-03-03
CVE-2021-1410 (MEDIUM CVSS 4.3) | A vulnerability in the distribution | cvebase.io